Re: Self-Signed Certificate Expiration

eng_adel273 · ‎12-22-2019

I have this command

rsakeypair TP-self-signed-1682106276

What does it means :1682106276

How I know the Validity end date on cisco 2960 & Cisco 3850

Karsten Iwen · ‎12-23-2019

Also answering your other thread:

First, you should ask yourself if you really need certificates on the switches. If not, just remove them.

The above number is a random value to make sure the automatically configured trustpoint is unique.

You can see the expiration date of the certificates with "show crypto pki certificates".

The easy way to get new certificates is to remove the trustpoint and certificates, remove the "ip http secure-server" and put the "ip http secure-server" back in. The switch will generate a new certificate. Before that make sure your IOS is updated to a very new release.

If you really need HTTPS on a couple of switches it would be better to go the clean way. Get a certificate from your internal CA or if you do not have one, generate one on your local PC with openssl or something similar:

https://www.feistyduck.com/books/openssl-cookbook/

https://sourceforge.net/projects/xca/

eng_adel273 · ‎12-23-2019

Thanks for your help , I did

no ip http secure-server

ip http secure-server

but the date is still 2020

Karsten Iwen · ‎12-23-2019

a) did you also remove the certificates and trustpoints?

b) do you have an IOS-version that does not have the 2020-bug?

https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html