cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1158
Views
0
Helpful
1
Replies

Can a wildcard or some third party certificate be used for IOS SW version 12.2(55)SE12 and IOS SW 15.0-15.3?

4kali
Level 1
Level 1


I ask this question due to the Cisco announcement made at https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215118-ios-self-signed-certificate-expiration-o.html#anc15 and am currently looking and trying out different solutions. Note that we don't have the budget to upgrade our equipment (yes, I think a lot of you guys know what I mean...). 

1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

You can install a third party SSL certificate (wildcard or otherwise) on an IOS device if you have the private key used in generating the CSR. This is possible if you use openssl (or XCA if you prefer a Windows GUI - both are open source and free) and save the private key to a file so that you can combine it with the issues certificate and then import into your device(s)

The procedure is as described here:

https://community.cisco.com/t5/vpn-and-anyconnect/installing-ssl-certificate-s-on-ios/td-p/1527611

That said, it's generally not necessary. Even if you manage your devices using the Web UI and https you're already accepting a self-signed certificate to do so. Not much difference between that and accepting a self-signed EXPIRED certificate.

Review Cisco Networking for a $25 gift card