Showing results for 
Search instead for 
Did you mean: 

Who Me Too'd this topic


crypto key generate rsa - unable to change expiry date - always set to Jan 1 2020

Hello guys,


We're using selfsigned certs on our voice routers for encrypted IOS (audio) conference bridges. Please find below the command set. Unfortunately the exported pem is only valid until 01 January 2020. I didn't find out how to generate one with a longer lifetime / later expiry date.


Does somebody know how to accomplish?


Thank you!



crypto key generate rsa general-keys label routername modulus 2048
crypto pki trustpoint routername
 enrollment selfsigned

 hash sha256
 rsakeypair routername
 fqdn none
 revocation-check none
 subject-name CN=routername
crypto pki enroll routername
crypto pki export routername pem terminal



routername#show crypto pki certificates
Router Self-Signed Certificate
  Status: Available
  Certificate Serial Number (hex): 01
  Certificate Usage: General Purpose
    Name: routername
  Validity Date:
    start date: 09:04:40 CET Feb 14 2019
    end   date: 01:00:00 CET Jan 1 2020
  Associated Trustpoints: routername
  Storage: nvram:routerna#1.cer

Last test was on an 4331 router with IOS XE 16.6.5 but problem seem to be the same on other hardware (like 2911) with older non-XE IOS.



Who Me Too'd this topic