08-15-2020 12:42 AM - edited 08-15-2020 02:07 AM
when i set command "lifetime ca-certificate 7000",
the check command show error like this to me
how can i set my ios CA's expiration date 20 years?
08-15-2020 01:07 AM - edited 08-15-2020 02:27 AM
i do believe it supports 10 years,
PKI does not support a certificate with lifetime validity greater than the year 2099. So, It is recommended to choose a lifetime validity fewer than the value 2099.
08-15-2020 02:13 AM
08-15-2020 02:17 AM
as per my knowledge that was information i have,
to go deeper, can you provide the device model and version of code running on it.
08-15-2020 02:36 AM
08-15-2020 02:58 AM
08-15-2020 02:16 AM
08-15-2020 05:42 AM
You can define a lifetime of up to 7305 days (20 years) for the CA certificate.
crypto pki server PKI_SERVER
lifetime ca-certificate 7305
Verification
csr_dc_2#show crypto pki certificates
CA Certificate
Status: Available
Certificate Serial Number (hex): 01
Certificate Usage: Signature
Issuer:
cn=LAB-PKI.lab.net
c=GB
Subject:
cn=LAB-PKI.lab.net
c=GB
Validity Date:
start date: 13:36:00 UTC Aug 15 2020
end date: 13:36:00 UTC Aug 15 2040
Associated Trustpoints: PKI_SERVER
I was using CSR 1000v 16.12.02
HTH
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: