Cisco 2960 catalyst Crypto PKI certificate help

Good morning,

I have a number of switches from a customer that contain a crypto pki certificate chain TP-self-signed when running show running-config.

Does the crypto key contain customer-identifying information or network configuration? The crypto keys have been removed for security; please see below.

Switch#show ru

Building configuration...

Current configuration : 2937 bytes

!

version 12.2

no service pad

service timestamps debug datetime msec

service timestamps log datetime msec

no service password-encryption

!

hostname Switch

!

boot-start-marker

boot-end-marker

!

!

no aaa new-model

system mtu routing 1500

ip subnet-zero

!

!

!

crypto pki trustpoint TP-self-signed-************

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-*************

revocation-check none

rsakeypair TP-self-signed-************

!

!

crypto pki certificate chain TP-self-signed-***************

certificate self-signed 01

  ***************************************************************

****************************************************************

  quit

!

!

!

!

!

spanning-tree mode pvst

spanning-tree extend system-id

!

vlan internal allocation policy ascending

!

!

!

interface FastEthernet0/1

!

interface FastEthernet0/2

!

interface FastEthernet0/3

!

interface FastEthernet0/4

!

interface FastEthernet0/5

!

interface FastEthernet0/6

!

interface FastEthernet0/7

!

interface FastEthernet0/8

!

interface FastEthernet0/9

!

interface FastEthernet0/10

!

interface FastEthernet0/11

!

interface FastEthernet0/12

!

interface FastEthernet0/13

!

interface FastEthernet0/14

!

interface FastEthernet0/15

!

interface FastEthernet0/16

!

interface FastEthernet0/17

!

interface FastEthernet0/18

!

interface FastEthernet0/19

!

interface FastEthernet0/20

!

interface FastEthernet0/21

!

interface FastEthernet0/22

!

interface FastEthernet0/23

!

interface FastEthernet0/24

!

interface GigabitEthernet0/1

!

interface GigabitEthernet0/2

!

interface Vlan1

no ip address

no ip route-cache

shutdown

!

ip http server

ip http secure-server

!

control-plane

!

!

line con 0

line vty 0 4

login

line vty 5 15

login

!

end

Switch#

1 ACCEPTED SOLUTION


The self-signed certs are generated internally by the switch to enable functions like SSH. They do contain the hostname and DNS domain that was set on the device when the cert was generated. If the DNS domain name is registered to the client and not just something made up, then it would be traceable.

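To check what a certificate blob in a saved configuration would disclose before sharing it, the hex between `certificate self-signed 01` and `quit` can be decoded as DER and its readable strings listed. The following is an added example, not part of the original thread or any Cisco tooling; the function names are hypothetical, and the sample is a constructed DER fragment with made-up values (`sw1.example.com`), not a real certificate.

```python
import re

STRING_TAGS = {0x0C, 0x13, 0x16}  # DER UTF8String, PrintableString, IA5String

def cert_hex_blocks(config_text):
    """Yield (trustpoint, der_bytes) per certificate in 'crypto pki certificate chain' sections."""
    tp, buf = None, None
    for line in config_text.splitlines():
        s = line.strip()
        if s.startswith("crypto pki certificate chain "):
            tp = s.split()[-1]
        elif tp and s.startswith("certificate "):
            buf = []
        elif buf is not None and s == "quit":
            if re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", "".join(buf)):  # skip masked or damaged blobs
                yield tp, bytes.fromhex("".join(buf))
            buf = None
        elif buf is not None:
            buf.append(re.sub(r"\s+", "", s))

def der_strings(data):
    """Walk DER TLVs recursively and return the values of string-typed fields."""
    out, i = [], 0
    while i + 2 <= len(data):
        tag, length, i = data[i], data[i + 1], i + 2
        if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
            n = length & 0x7F
            length, i = int.from_bytes(data[i:i + n], "big"), i + n
        value, i = data[i:i + length], i + length
        if tag & 0x20:  # constructed type (SEQUENCE, SET, [n]): descend into it
            out += der_strings(value)
        elif tag in STRING_TAGS:
            out.append(value.decode("utf-8", "replace"))
    return out

def embedded_identifiers(config_text):
    """Map each trustpoint name to the readable strings inside its certificate blob."""
    return {tp: der_strings(der) for tp, der in cert_hex_blocks(config_text)}

def _tlv(tag, body):  # short-form DER encoder, used only to build the constructed sample
    return bytes([tag, len(body)]) + body
def _rdn(oid, tag, text):  # SET { SEQUENCE { OID, string } }
    return _tlv(0x31, _tlv(0x30, _tlv(0x06, oid) + _tlv(tag, text.encode())))

# Constructed sample: a DER fragment shaped like a certificate subject, not a real certificate.
SAMPLE_DER = _tlv(0x30, _rdn(b"\x55\x04\x03", 0x13, "IOS-Self-Signed-Certificate-1234567890")
                  + _rdn(b"\x2a\x86\x48\x86\xf7\x0d\x01\x09\x02", 0x16, "sw1.example.com"))
SAMPLE_CONFIG = ("crypto pki certificate chain TP-self-signed-1234567890\n"
                 " certificate self-signed 01\n  " + SAMPLE_DER.hex().upper() + "\n  quit\n")
```

A blob that has been masked with asterisks, as in the configuration posted above, yields no entry. Strings wrapped inside OCTET STRING extension values are not descended into by this walker.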