Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
790
Views
0
Helpful
1
Replies

cisco switch config info/ certificate self signed 01 and the hex after / backing up configs

surbris.com
Level 1
Level 1

‎04-27-2020 03:18 PM - edited ‎04-27-2020 03:20 PM

ok so any one out there knows that backing up your configs for your switchs sucks.

 

there is a free program out there called r config

i love it but i have hit an issue.

 

when i do a back of of switch ## of 130 switchs i get a fail to save the show run   to a file (i'm using r config to ssh and use security info(user/password) to ssh download to my r config data base

 

when it failes  its allways at this line

certificate self-signed 01

 

crypto pki certificate chain TP-self-signed-XXXXXXXX
certificate self-signed 01
  3082032E 31840216 A0030201 02024101 300D0609 2A864886 F70D0101 05050030 
  30312E30 2C060355 04031325 494A531D 53656C66 2D536967 6E65642D 43657274
  ...
  ECA15D69 11970A66 252D34DC 760294A6 D1EA2329 F76EB905 6A5153C9 24F2958F
  D19BFB22 9F89EE23 02D22D9D 2186B1A1 5AD4

 each of the ##/130 switchs i have found to fail  fail at the same spot,     i have asked a friend way smarter then me and he thinks its a MTU 1500 thing where the hex is maxing out the mtu.

 

i would love to know what the hex is and why 70% of my switches pass the download but the 30% with the long hex fail

 

what is the hex,  is the self signed 01 old and needing update  ???? is this a version of the ciso swiches os needing updating???

 

what im i missing.

what do i look up   need names to do google searches ..... o   mighty cisco good in your chairs please help

 

 

Labels:
0 Helpful
1 Reply 1

pieterh
VIP
VIP

‎04-28-2020 08:32 AM

the word says: certificate self-signed 01
so it is the first self-signed certificate present in the configuration.
as such it is just an output-string in the show running-configuration not more not less.

yes it can be that the tool i used (r config) has a buffer that is too small for this output, but that has no relationship with MTU size. more likely is the switches that fail the backup have certificates with a longer key-size (1024 or even 2048 bits key ) then the switches that succeed (they may have certificate with 512 bits key?) and a buffer-overflow occurs.

 

-> guess you need to look into the properties of this tool to see if you can increase the input buffer size.

 

 

 

0 Helpful
Customers Also Viewed These Support Documents