03-15-2012 06:06 AM - edited 03-07-2019 05:34 AM
I manage several switches and I am learning as I go. Every switch has this shown when I do a "sh run" command:
crypto pki trustpoint TP-self-signed-3087790464
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-3087790464
revocation-check none
rsakeypair TP-self-signed-3087790464
!
!
crypto pki certificate chain TP-self-signed-3087790464
certificate self-signed 07
3058432D 213548E 1254897 35987D4 23647E9 135A158
"These numbers repeat for several rows"
!
!
!
What does all this mean? Is it all generated when a command is entered or did someone enter these for encryption purposes? I am only a CCNA so please keep that in mind when explaining this. Also what commands are entered to get this output?
Any help would be greatly appreciated.
03-18-2012 02:58 PM
David
In my experience those lines are generally generated by the router itself in response to the configuration command
ip http secure-server
(which is generally enabled by default). Having those lines in the config does not hurt anything. If you want to use the secure server (https to your switch address for management purposes) then you do need these lines. If you don't want the secure server enabled then you can disable this function and then you could remove the self signed certificate.
HTH
Rick
03-18-2012 04:14 PM
The crypto pki-statements are created when 'ip http secure-server' is enabled and you issue a 'create crypto key'-command for enabling SSH.
As Rick wrote, those lines do not hurt you and can be deleted if you do not need https-server.
If you want to avoid them in the beginning, just configure 'no ip http secure-server' before creating crypto keys.
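An added example, not part of either reply: a Python sketch that reads a saved "sh run" and reports each self-signed trustpoint together with the 'ip http secure-server' state the replies tie it to. The sample config is constructed, the function names are hypothetical, and treating a missing secure-server line as "unknown" is an assumption.

```python
import re

# Constructed sample, modelled on the "sh run" output quoted in the question.
SAMPLE_CONFIG = """\
crypto pki trustpoint TP-self-signed-3087790464
 enrollment selfsigned
 rsakeypair TP-self-signed-3087790464
!
crypto pki certificate chain TP-self-signed-3087790464
 certificate self-signed 07
!
no ip http secure-server
"""
NOTES = {"enabled": "needed for https management of the switch",
         "disabled": "secure server is off; certificate can be removed",
         "unknown": "no explicit secure-server line; check the device"}

def https_state(config):
    """'enabled', 'disabled' or 'unknown', judged from explicit lines only."""
    lines = {line.strip() for line in config.splitlines()}
    if "no ip http secure-server" in lines:
        return "disabled"
    return "enabled" if "ip http secure-server" in lines else "unknown"

def self_signed_trustpoints(config):
    """Details of every trustpoint that uses 'enrollment selfsigned'."""
    tps, current = {}, None
    for line in map(str.strip, config.splitlines()):
        m = re.match(r"crypto pki (?:trustpoint|certificate chain) (\S+)$", line)
        if m:  # start of a trustpoint block or of its certificate chain
            current = tps.setdefault(
                m.group(1), {"selfsigned": False, "rsakeypair": None, "has_cert": False})
        elif line == "!":  # "!" separates blocks in the running config
            current = None
        elif current is not None:
            if line == "enrollment selfsigned":
                current["selfsigned"] = True
            elif line.startswith("rsakeypair "):
                current["rsakeypair"] = line.split()[1]
            elif line.startswith("certificate self-signed"):
                current["has_cert"] = True
    return {name: d for name, d in tps.items() if d["selfsigned"]}

def audit(config):
    """(trustpoint, rsakeypair, has_cert, note) per self-signed trustpoint."""
    note = NOTES[https_state(config)]
    return [(n, d["rsakeypair"], d["has_cert"], note)
            for n, d in self_signed_trustpoints(config).items()]
```

Calling audit() on the text of each switch's saved config gives one row per self-signed trustpoint, which makes it easy to see across several switches where the certificate is still serving the https management page.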