
How to specify a certificate to be used by the http secure-server on the IOS router?

Difan Zhao
Level 5

Hi, I am not sure if this is the right place for the question...

I followed some link to generate a key, then a CSR. Then I went to the MS cert server and obtained a cert (with the webserver template). Then I imported the cert into my router.

GIR02-70#show crypto pki certificates verbose INT-IT-00-CER-PRO1-CA
CA Certificate
  Status: Available
  Version: 3
  Certificate Serial Number (hex): 5B0001BCFFFAFE2C330CBE2C1C00020001BCFF
  Certificate Usage: General Purpose
  Issuer:
    cn=int-IT-00-CER-PRO1-CA
    dc=int
    dc=pason
    dc=com
  Subject:
    cn=gir02-70.int.pason.com
    ou=DigitComm
    o=Pason Systems Corp
    st=Alberta
    c=CA
    hostname=gir02-70.int.pason.com
  CRL Distribution Points:
    ldap:///CN=int-IT-00-CER-PRO1-CA(1),CN=it-00-cer-pro1,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=int,DC=pason,DC=com?certificateRevocationList?base?objectClass=cRLDistributionPoint
    http://pki.int.pason.com/CertEnroll/int-IT-00-CER-PRO1-CA(1).crl
  Validity Date:
    start date: 19:53:35 CST Jan 7 2021
    end   date: 19:53:35 CST Jan 7 2023
  Subject Key Info:
    Public Key Algorithm: rsaEncryption
    RSA Public Key: (2048 bit)
  Signature Algorithm: SHA256 with RSA Encryption
  Fingerprint MD5: 82AB5A87 1F3FCE9F DD639091 54B91A5D
  Fingerprint SHA1: 1D796A63 2D226AD6 ACB05632 83AFA795 FAA44D0D
  X509v3 extensions:
    X509v3 Key Usage: A0000000
      Digital Signature
      Key Encipherment
    X509v3 Subject Key ID: 72CD118A 9329BEB4 BA1F6D85 9B3FF674 8078C697
    X509v3 Authority Key ID: 45A247A8 5B651807 1C597099 3D421F1C C5CCBD24
    Authority Info Access:
        CA ISSUERS: ldap:///CN=int-IT-00-CER-PRO1-CA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=int,DC=pason,DC=com?cACertificate?base?objectClass=certificationAuthority
        CA ISSUERS: http://pki.int.pason.com/CertEnroll/it-00-cer-pro1.int.pason.com_int-IT-00-CER-PRO1-CA(2).crt
    Extended Key Usage:
        Server Auth
  Associated Trustpoints: INT-IT-00-CER-PRO1-CA

Now, how do I specify it to be used with the http secure-server? When I open the browser with the router's hostname, I still see it using the original self-signed cert.

 

Thanks,

Difan

9 Replies

TJ-20933766
Spotlight