Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1239
Views
0
Helpful
1
Replies

Can a wildcard or some third party certificate be used for IOS SW version 12.2(55)SE12 and IOS SW 15.0-15.3?

4kali
Level 1
Level 1

‎12-24-2019 10:08 AM


I ask this question due to the Cisco announcement made at https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215118-ios-self-signed-certificate-expiration-o.html#anc15 and am currently looking and trying out different solutions. Note that we don't have the budget to upgrade our equipment (yes, I think a lot of you guys know what I mean...). 

Labels:
0 Helpful
1 Reply 1

Marvin Rhoads
Hall of Fame
Hall of Fame

‎12-27-2019 04:31 PM

You can install a third party SSL certificate (wildcard or otherwise) on an IOS device if you have the private key used in generating the CSR. This is possible if you use openssl (or XCA if you prefer a Windows GUI - both are open source and free) and save the private key to a file so that you can combine it with the issues certificate and then import into your device(s)

The procedure is as described here:

https://community.cisco.com/t5/vpn-and-anyconnect/installing-ssl-certificate-s-on-ios/td-p/1527611

That said, it's generally not necessary. Even if you manage your devices using the Web UI and https you're already accepting a self-signed certificate to do so. Not much difference between that and accepting a self-signed EXPIRED certificate.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card