Crypto Key Commands

I manage several switches and I am learning as I go. Every switch has this shown when I do a "sh run" command:

crypto pki trustpoint TP-self-signed-3087790464
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3087790464
 revocation-check none
 rsakeypair TP-self-signed-3087790464
!
!
crypto pki certificate chain TP-self-signed-3087790464
 certificate self-signed 07
  3058432D  213548E  1254897 35987D4  23647E9  135A158
  "These numbers repeat for several rows"
!
!
!

What does all this mean? Is it all generated when a command is entered, or did someone enter these for encryption purposes? I am only a CCNA, so please keep that in mind when explaining this. Also, what commands are entered to get this output?

Any help would be greatly appreciated.

2 Accepted Solutions

Richard Burts
Hall of Fame

David

In my experience those lines are generally generated by the router itself in response to the configuration command

ip http secure-server

(which is generally enabled by default). Having those lines in the config does not hurt anything. If you want to use the secure server (https to your switch address for management purposes) then you do need these lines. If you don't want the secure server enabled then you can disable this function and then you could remove the self-signed certificate.

HTH

Rick

mullzkBern_2
Level 1

The crypto pki-statements are created when 'ip http secure-server' is enabled and you issue a 'create crypto key'-command for enabling SSH.

As Rick wrote, those lines do not hurt you and can be deleted if you do not need https-server.

If you want to avoid them in the beginning, just configure 'no ip http secure-server' before creating crypto keys.
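
For anyone checking saved configurations from several switches, the following added example (not part of the original thread and not Cisco tooling) finds self-signed trustpoints in a "sh run" capture and relates them to the HTTPS server setting discussed in the replies. The function name audit_config, the verdict wording and the sample configuration are assumptions made for illustration; the sample is constructed from the output quoted in the question.

```python
import re

# Constructed sample: a trimmed running-config modelled on the question's output.
SAMPLE_CONFIG = """\
hostname SW1
!
crypto pki trustpoint TP-self-signed-3087790464
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3087790464
 revocation-check none
 rsakeypair TP-self-signed-3087790464
!
crypto pki certificate chain TP-self-signed-3087790464
 certificate self-signed 07
  3058432D 213548E 1254897 35987D4 23647E9 135A158
  quit
!
no ip http server
no ip http secure-server
"""

def audit_config(text):
    """Report self-signed trustpoints and the HTTPS server state in a config."""
    # Assumption: if neither form of the command appears, the state is unknown.
    trustpoints, current, https = {}, None, "not shown"
    new_tp = lambda: {"selfsigned": False, "rsakeypair": None, "has_chain": False}
    for raw in text.splitlines():
        line = raw.strip()
        if not raw.startswith(" "):      # any top-level line ends the open block
            current = None
        if m := re.fullmatch(r"crypto pki trustpoint (\S+)", line):
            current = trustpoints.setdefault(m.group(1), new_tp())
        elif m := re.fullmatch(r"crypto pki certificate chain (\S+)", line):
            trustpoints.setdefault(m.group(1), new_tp())["has_chain"] = True
        elif current is not None and line == "enrollment selfsigned":
            current["selfsigned"] = True
        elif current is not None and line.startswith("rsakeypair "):
            current["rsakeypair"] = line.split()[1]
        elif line in ("ip http secure-server", "no ip http secure-server"):
            https = "disabled" if line.startswith("no ") else "enabled"
    verdict = {"enabled": "in use by the HTTPS server",
               "disabled": "unused, can be removed",
               "not shown": "check HTTPS server state on the device"}[https]
    selfsigned = {name: dict(tp, verdict=verdict)
                  for name, tp in trustpoints.items() if tp["selfsigned"]}
    return {"https_server": https, "self_signed": selfsigned}

if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG))
```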
