HTTP Copy from switch to public web site error

fbaro
Cisco Employee

Looking for some help and direction on what I would think is a fairly straightforward process. Trying to copy a file from my switch (IOS XE 17.15.2), which is connected to my router. Switch <-> home router <-internet-> ieee.org server. I am sure this is a certification issue, but not sure how to go about it. The http secure-server generated the self-signed trustpoint.

 

crypto pki trustpoint TP-self-signed-1789423628
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1789423628
 revocation-check none
 rsakeypair TP-self-signed-1789423628
 hash sha256
!
interface GigabitEthernet1/1
 switchport access vlan 400
!
interface Vlan400
 ip address dhcp
!
no ip http server
ip http secure-server
ip http client source-interface Vlan400
ip forward-protocol nd
ip route 0.0.0.0 0.0.0.0 dhcp

 

IE3400#ping standards-oui.ieee.org    
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 140.98.223.27, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/115/160 ms
IE3400#Copy https://standards-oui.ieee.org/oui/oui.csv flash:oui.csv
Destination filename [oui.csv]? 
%Warning:There is a file already existing with this name 
Do you want to over write? [confirm]
Accessing https://standards-oui.ieee.org/oui/oui.csv...
%Error opening https://standards-oui.ieee.org/oui/oui.csv (I/O error)

 

Debug ssl openssl errors

 

*Jan  3 04:35:10.703: CRYPTO_OPSSL: Validate Certificate Chain Callback
*Jan  3 04:35:10.706: CRYPTO_OPSSL: Certificate verification has failed
*Jan  3 04:35:10.708: 0:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../VIEW_ROOT/cisco.comp/openssl/src/dist/ssl/statem/statem_clnt.c:1921:


@fbaro 

 

crypto pki trustpoint labTrustpoint
 enrollment terminal pem
 serial-number none
 fqdn none
 ip-address none
 subject-name cn=router.example.cisco.com
 subject-alt-name myrouter.example.cisco.com
 revocation-check none
 rsakeypair rsaKey
 hash sha256

https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/220422-configure-ca-signed-certificates-with-io.html
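
An added example, not part of the original thread: a short triage script that decodes the OpenSSL error line from the debug output in the question and reports which TLS role raised it. It assumes the OpenSSL 1.1.x packed error-code layout (library, function, reason); the names `triage`, `unpack` and `peer_chain_rejected` are hypothetical.

```python
import re

# OpenSSL 1.1.x packs library, function and reason into one 32-bit error code.
ERR_LIB_SSL = 20                        # "SSL routines"
SSL_R_CERTIFICATE_VERIFY_FAILED = 134   # "certificate verify failed"

ERR_RE = re.compile(
    r"error:(?P<code>[0-9A-Fa-f]{8}):(?P<lib>[^:]*):(?P<func>[^:]*):"
    r"(?P<reason>[^:]*):(?P<file>[^:]*):(?P<line>\d+):"
)
# The handshake state-machine source file tells which TLS role raised the error.
ROLE_BY_FILE = {"statem_clnt.c": "client", "statem_srvr.c": "server"}

# Debug lines copied from the question above.
SAMPLE = """\
*Jan  3 04:35:10.703: CRYPTO_OPSSL: Validate Certificate Chain Callback
*Jan  3 04:35:10.706: CRYPTO_OPSSL: Certificate verification has failed
*Jan  3 04:35:10.708: 0:error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed:../VIEW_ROOT/cisco.comp/openssl/src/dist/ssl/statem/statem_clnt.c:1921:
"""

def unpack(code):
    """Split a packed 1.1.x error code into (library, function, reason)."""
    return (code >> 24) & 0xFF, (code >> 12) & 0xFFF, code & 0xFFF

def triage(log_text):
    """Return one finding per OpenSSL error line found in the debug output."""
    findings = []
    for raw in log_text.splitlines():
        m = ERR_RE.search(raw)
        if not m:
            continue  # plain CRYPTO_OPSSL status lines carry no error code
        lib, func, reason = unpack(int(m["code"], 16))
        role = ROLE_BY_FILE.get(m["file"].rsplit("/", 1)[-1], "unknown")
        findings.append({
            "lib": lib, "func": func, "reason": reason,
            "state": m["func"], "text": m["reason"], "role": role,
            # True when the local side, as TLS client, rejected the server's chain
            "peer_chain_rejected": (lib == ERR_LIB_SSL and role == "client"
                                    and reason == SSL_R_CERTIFICATE_VERIFY_FAILED),
        })
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE):
        print(finding)
```

For the line in the question the finding has role `client`, meaning the switch's own HTTPS client rejected the chain presented by the remote server during `copy https://`.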

 
