04-05-2012 12:31 PM - edited 03-03-2019 06:32 AM
Hopefully this is a simple question that has an equally simple answer. Is there an easy way to prevent IOS from generating self-signed keypairs and certificates whenever HTTPS-related services are enabled?
Sent from Cisco Technical Support iPhone App
Solved! Go to Solution.
04-06-2012 11:30 AM
Jody
What you are asking about seems logical. If you have installed a public certificate then you might not want the router reverting to a self signed certificate. But I do not know of any way to prevent the router from generating a self signed certificate. I have taken a look at the on line help for services and there does not seem to be anything there that would do what you want.
HTH
Rick
04-06-2012 02:04 AM
No.
HTTPS and SSLVPN requires ceritficates, so either you disable these services, or the router will have generate certificates.
04-06-2012 04:32 AM
I understand that the services require certificates, but am more interested in making sure that the certificates used are valid ones rather than self-signed ones.
I'm running into circumstances where the router is not using the defined trustpoints on reboot. I don't want self-signed certificates presented and would rather have the service simply not work until I can look into the problem.
I'm thinking that there has to be a service that can be turned off that will recent the router fr generating its own keys/certificates and leave it for me to do manually.
04-06-2012 07:31 AM
What service are you specifically referring to? One should look into the method to bind a service to a trustpoint, that should be possible.
04-06-2012 11:30 AM
Jody
What you are asking about seems logical. If you have installed a public certificate then you might not want the router reverting to a self signed certificate. But I do not know of any way to prevent the router from generating a self signed certificate. I have taken a look at the on line help for services and there does not seem to be anything there that would do what you want.
HTH
Rick
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide