05-08-2023 12:02 AM - last edited on 08-17-2023 12:27 PM by Translator
Hallo,
since ios upgraded to
17.11 on C1111
router, i continously receive
syslog
error messages:
RSA keypair HTTPS_SS_CERT_KEYPAIR
is in violation of Cisco security compliance guidelines and will be rejected.
How can i delte and re-generate this keypair? I think its hor https server, or? Thank you.
Key name: HTTPS_SS_CERT_KEYPAIR
Key type: RSA KEYS 768 bits
Storage Device: private-config
Usage: General Purpose Key
Key is not exportable. Redundancy enabled.
Key Data: -removed-
Solved! Go to Solution.
05-08-2023 03:56 AM
768 bits key is nowadays considered too weak-> create new RSA-keys suitable for this IOS version
Security Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9300 Switches) - Configuring Secure Socket Layer HTTP [Support] - Cisco
crypto key generate rsa |
(Optional) Generates an RSA key pair. RSA key pairs are required before you can obtain a certificate for the switch. RSA key pairs are generated automatically. You can use this command to regenerate the keys, if needed. |
when new keys are generated you can issue aditional steps
read the document in the link for additional commands to use certificates
05-08-2023 03:56 AM
768 bits key is nowadays considered too weak-> create new RSA-keys suitable for this IOS version
Security Configuration Guide, Cisco IOS XE Dublin 17.11.x (Catalyst 9300 Switches) - Configuring Secure Socket Layer HTTP [Support] - Cisco
crypto key generate rsa |
(Optional) Generates an RSA key pair. RSA key pairs are required before you can obtain a certificate for the switch. RSA key pairs are generated automatically. You can use this command to regenerate the keys, if needed. |
when new keys are generated you can issue aditional steps
read the document in the link for additional commands to use certificates
05-08-2023 05:10 AM - last edited on 08-17-2023 12:28 PM by Translator
Key type:
RSA KEYS 768 bits
<<- to weak, change it to 1024
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide