
cisco switches' public and private key pair replacement

akrmkhls56541
Level 1
Level 1

Is it possible to change the cisco switches' public and private key pair?

5 Replies

lucasfreitas83
Level 1
Level 1

Hello akrmkhls56541,

Recently Cisco announced a problem with the self-signed certificate on devices, and shared a workaround for changing this certificate.

Follow the link

https://www.cisco.com/c/en/us/support/docs/field-notices/704/fn70489.html

This document has 3 workarounds for performing the change.

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future.

Best regards,
Lucas Freitas


Dear @lucasfreitas83,

Thanks for your reply, it was useful to a great extent. However, I need to know if I can change the public/private key pair of Cisco switches or not!

Actually, it is better that I ask my question in the following form:

1-How many public/private key pairs are there in a Cisco switch?

2-What are they used for?

3-Is it possible to replace them with some other values generated externally, for example by PuTTYgen?

4-And also, is it possible to find out the values of the key pairs that already exist in the device?

I'm sorry for my basic questions! I'm totally new to this field!

Hello,

No problem, here we all help each other.

1-How many public/private key pairs are there in a Cisco switch?

Commonly there is one.

2-What are they used for?

For web access, PKI (VPN).

3-Is it possible to replace them with some other values generated externally, for example by PuTTYgen?

Yes, it is possible; the document that I sent has the procedure.

4-And also, is it possible to find out the values of the key pairs that already exist in the device?

In the running config you can see the certificate.

Another document to help you:

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/5_0/configuration/guides/sec/nxos/sec/digicert.html

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future.

Best regards,
Lucas Freitas
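Worked example, added by the editor and not part of the thread or of any Cisco tool: a Python script that reads the text of `show crypto key mypubkey rsa`, the IOS command that lists every RSA key pair on the device, and answers questions 1 and 4 from the device's own output: how many pairs there are, what each is named, its usage, whether it is exportable, and the modulus size decoded from the DER public key printed under `Key Data:`. The embedded sample output is constructed to follow the IOS layout; the key material in it is a deterministic stand-in rather than a real key, the key names and timestamps are invented, and the 2048-bit floor in `MIN_MODULUS_BITS` is an assumed local policy, not a Cisco default.

```python
"""Inventory the RSA key pairs a Cisco IOS switch lists in `show crypto key mypubkey rsa`.
Decodes each key's DER SubjectPublicKeyInfo from the "Key Data:" hex dump and reports name,
usage, exportability and modulus size. SAMPLE_SHOW_OUTPUT is constructed to mimic the IOS
layout; its key material is a deterministic stand-in, not a real key."""
import re
from collections import namedtuple

MIN_MODULUS_BITS = 2048  # assumed local policy floor, not a Cisco default
RSA_ENCRYPTION_OID = bytes.fromhex("2A864886F70D010101")  # 1.2.840.113549.1.1.1
RsaKeyPair = namedtuple("RsaKeyPair", "name usage exportable modulus_bits public_exponent")
_HEX_LINE = re.compile(r"[0-9A-Fa-f]+(?:\s+[0-9A-Fa-f]+)*")

def _der_tlv(buf, i=0):
    """Return (tag, value, index after the value) for the DER TLV starting at buf[i]."""
    tag, first = buf[i], buf[i + 1]
    if first < 0x80:                              # short-form length
        return tag, buf[i + 2:i + 2 + first], i + 2 + first
    n = first & 0x7F                              # long form: n length bytes follow
    length, start = int.from_bytes(buf[i + 2:i + 2 + n], "big"), i + 2 + n
    return tag, buf[start:start + length], start + length

def parse_spki(der):
    """Return (modulus, exponent) from a DER SubjectPublicKeyInfo holding an rsaEncryption key."""
    tag, spki, _ = _der_tlv(der)
    _, alg_id, i = _der_tlv(spki)                 # AlgorithmIdentifier {OID, NULL}
    if tag != 0x30 or _der_tlv(alg_id)[1] != RSA_ENCRYPTION_OID:
        raise ValueError("not a SubjectPublicKeyInfo for an rsaEncryption key")
    _, bitstr, _ = _der_tlv(spki, i)              # subjectPublicKey BIT STRING
    _, rsa_pub, _ = _der_tlv(bitstr[1:])          # bitstr[0] is the unused-bits count
    _, n_bytes, i = _der_tlv(rsa_pub)             # RSAPublicKey ::= SEQUENCE {n, e}
    _, e_bytes, _ = _der_tlv(rsa_pub, i)
    return int.from_bytes(n_bytes, "big"), int.from_bytes(e_bytes, "big")

def parse_show_crypto_key(text):
    """Parse `show crypto key mypubkey rsa` output into RsaKeyPair records."""
    keys, cur, hexwords = [], None, []

    def flush():
        if cur is not None:
            n, e = parse_spki(bytes.fromhex("".join(hexwords)))
            keys.append(RsaKeyPair(cur["name"], cur["usage"], cur["exportable"], n.bit_length(), e))

    for line in (l.strip() for l in text.splitlines()):
        if line.startswith("Key name:"):
            flush()
            cur, hexwords = {"name": line.split(":", 1)[1].strip(), "usage": "", "exportable": False}, []
        elif cur is None:
            continue
        elif line.startswith("Usage:"):
            cur["usage"] = line.split(":", 1)[1].strip()
        elif line.startswith("Key is"):
            cur["exportable"] = line.startswith("Key is exportable")
        elif _HEX_LINE.fullmatch(line):           # a line of the "Key Data:" hex dump
            hexwords.extend(line.split())
    flush()
    return keys

def audit(keys):
    """(key name, finding) for every key pair below the modulus floor or marked exportable."""
    return ([(k.name, f"modulus {k.modulus_bits} bits < {MIN_MODULUS_BITS}") for k in keys if k.modulus_bits < MIN_MODULUS_BITS]
            + [(k.name, "private key is exportable") for k in keys if k.exportable])

# Constructed sample input: encode a stand-in key as SPKI and dump it the way IOS does.
def _der(tag, payload):  # DER TLV with short- or long-form length
    n = len(payload)
    lb = b"" if n < 0x80 else n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, n if n < 0x80 else 0x80 | len(lb)]) + lb + payload

def _der_uint(v):  # INTEGER with the leading 0x00 DER requires when the top bit is set
    b = v.to_bytes((v.bit_length() + 7) // 8, "big")
    return _der(0x02, (b"\x00" if b[0] & 0x80 else b"") + b)

def build_spki(n, e=65537):
    """SubjectPublicKeyInfo{rsaEncryption, RSAPublicKey{n, e}}: the form IOS dumps under Key Data:."""
    alg = _der(0x30, _der(0x06, RSA_ENCRYPTION_OID) + b"\x05\x00")
    return _der(0x30, alg + _der(0x03, b"\x00" + _der(0x30, _der_uint(n) + _der_uint(e))))

def _fake_modulus(bits):  # deterministic stand-in of the requested size, not a product of primes
    return (1 << (bits - 1)) | int("C0FFEE" * (bits // 24), 16) | 1

def _ios_hex(der):  # IOS style: upper-case 8-hex-char words, 8 per line, indented
    w = [der.hex().upper()[i:i + 8] for i in range(0, len(der) * 2, 8)]
    return "\n".join("  " + " ".join(w[i:i + 8]) for i in range(0, len(w), 8))

SAMPLE_SHOW_OUTPUT = f"""\
% Key pair was generated at: 10:13:49 UTC Mar 1 2024
Key name: switch01.example.net
 Usage: General Purpose Key
 Key is not exportable. Redundancy enabled.
 Key Data:
{_ios_hex(build_spki(_fake_modulus(1024)))}
% Key pair was generated at: 10:14:02 UTC Mar 1 2024
Key name: TP-self-signed-1234567890
 Usage: General Purpose Key
 Key is exportable. Redundancy enabled.
 Key Data:
{_ios_hex(build_spki(_fake_modulus(2048)))}
"""

if __name__ == "__main__":
    found = parse_show_crypto_key(SAMPLE_SHOW_OUTPUT)
    print(*found, *audit(found), sep="\n")
```

To use it on a real switch, paste the command's output into a file and hand its text to parse_show_crypto_key(); audit() then lists the pairs that fall below the assumed floor or are marked exportable. Only the standard library is needed, so it runs wherever the captured text lands.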

Thanks for your reply! I do appreciate it!

 

Does the device use the same key pair for other tasks, e.g. for symmetric key agreement with other devices or any other activity that needs a public-private key pair?

If I change the certificate, does this impact other activities?

By default, the certificate is not assigned to any function; it is necessary to specify its use, so if you have never used it, it is probably not in use.
It is not assigned to everything; for example, SSH can use the certificate or an RSA key pair created with crypto key generate rsa modulus (386-2048).
That same document has the commands and expected outputs, in case the certificate is being used somewhere.