
Automatic generation of self-signed certificates on IOS

ghostinthenet
Level 7

Hopefully this is a simple question that has an equally simple answer. Is there an easy way to prevent IOS from generating self-signed keypairs and certificates whenever HTTPS-related services are enabled?


1 Accepted Solution

Accepted Solutions

Jody

What you are asking about seems logical. If you have installed a public certificate then you might not want the router reverting to a self-signed certificate. But I do not know of any way to prevent the router from generating a self-signed certificate. I have taken a look at the online help for services and there does not seem to be anything there that would do what you want.

HTH

Rick


4 Replies

paolo bevilacqua
Hall of Fame

No.

HTTPS and SSLVPN require certificates, so either you disable these services, or the router will have to generate certificates.

I understand that the services require certificates, but am more interested in making sure that the certificates used are valid ones rather than self-signed ones.

I'm running into circumstances where the router is not using the defined trustpoints on reboot. I don't want self-signed certificates presented and would rather have the service simply not work until I can look into the problem.

I'm thinking that there has to be a service that can be turned off that will prevent the router from generating its own keys/certificates and leave it for me to do manually.

What service are you specifically referring to? One should look into the method to bind a service to a trustpoint, that should be possible.
