01-09-2014 01:07 AM - edited 02-21-2020 05:04 AM
Hi all,
I was under the impression (from past experiences) that SSH self-signed certificates are made up of the Hostname and the Domain Name of the router.
I have been working on a customer network and I can see that the SSH RSA certificate is using the old hostname of the device+domain name but SSH still works both inbound and outbound on the VTY lines!
I thought you had to zeroize the keys and recreate using the crypto key generate rsa command in order to continue to use SSH after a hostname change so that the new certificate contains the new hostname?
Any explanation would be greatly appreciated.
Many thanks
David
01-09-2014 01:13 AM
Hi David.
Yes, after changing router parameters such as the hostname or domain name, SSH still works with the old certificate.
What I can suggest is to recreate it with the crypto key generate rsa command in configuration mode.
HTH
Regards
Carlo
01-09-2014 02:59 AM
Thanks for confirming, Carlo. This had to be the case, as I am seeing it work with the old certificate, but I just needed to check as I thought in the past I had to re-generate the cert first. Thanks again.