Cimmerio
Beginner

RV340 I can't change default certificate

How do I replace the default certificate? I haven't found a way so far.

18 REPLIES

I'm not as familiar with certificates and openssl as I'd like. Since my certificate is a CA (LetsEncrypt) wildcard cert (*.mydomain.com), do you think I can alter the one I have to include the IP? It's already signed by a CA. In the meantime, I think I'm overdue for an openssl crash course. Anyway, thanks for your reply.


@chamel123 wrote:

I'm not as familiar with certificates and openssl as I'd like. Since my certificate is a CA (LetsEncrypt) wildcard cert (*.mydomain.com), do you think I can alter the one I have to include the IP? It's already signed by a CA. In the meantime, I think I'm overdue for an openssl crash course. Anyway, thanks for your reply.


You would need to get a new cert signed by the CA. There isn't a way to add the IP option to the cert you already have - it is added by the CA at the time of the cert being signed. It's added in the "Subject Alternative Name" field of the certificate, using the notation IP:w.x.y.z

 

Also, I don't necessarily recommend using LetsEncrypt for a device cert, simply because the certs from LetsEncrypt typically expire every 3 months, and there is no automatic way to have the Cisco device update it. You will have to manually request a new cert from LetsEncrypt, then manually log in to the Cisco device and upload it.
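
The Subject Alternative Name notation described in the reply above, as an added example that is not part of the original thread: shell functions that build a certificate signing request asking for a DNS and an IP entry, then check what the request contains. The function and file names, `router.example.com` and `192.0.2.1` are constructed placeholders, and whether the IP entry ends up in the signed certificate is decided by the CA.

```shell
#!/bin/sh
# Added example: request a DNS and an IP entry in the Subject Alternative Name
# of a CSR and verify them. All names and addresses are constructed samples.

make_csr() {
    # $1 = working directory, $2 = DNS name, $3 = IP address
    cat > "$1/san.cnf" <<EOF
[ req ]
prompt             = no
distinguished_name = dn
req_extensions     = v3_req

[ dn ]
CN = $2

[ v3_req ]
subjectAltName = DNS:$2, IP:$3
EOF
    # umask keeps the new private key readable by its owner only
    ( umask 077
      openssl req -new -newkey rsa:2048 -nodes \
          -keyout "$1/router.key" -out "$1/router.csr" \
          -config "$1/san.cnf" 2>/dev/null )
}

csr_sans() {
    # Print the SAN entries requested in CSR $1, one per line.
    # openssl displays an IP entry as "IP Address:w.x.y.z".
    openssl req -in "$1" -noout -text \
        | grep -A1 'Subject Alternative Name' | tail -n1 \
        | tr ',' '\n' | sed 's/^ *//'
}

csr_has_ip() {
    # Succeeds only if CSR $1 lists exactly the IP $2 as a SAN entry
    csr_sans "$1" | grep -qxF "IP Address:$2"
}
```

The same `grep` pipeline works on a certificate the CA has returned if `openssl req -in` is replaced with `openssl x509 -in`, which is the check to run before uploading it to the device.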

 

 

Dear @train_wreck ,

 

We were thinking of adding the Let's Encrypt agent to the router. In addition to what you are saying, I am not certain if it will fix the issue with the IP address versus domain name. I.e., I believe (but am not sure) that Let's Encrypt certifies servers which are reachable on the internet, not really certs for internal use.

 

 

A nice solution to this problem would be to be able to define the redirected page with the FQDN. A CLI access to the router would probably permit the user to change this.