Self-signed certificate on 2960S switch.

forman102 · ‎09-23-2011

Hi,

I'm trying to figure what commands would generate the following output in run config: (IOS 12.2(58)SE1:

crypto pki trustpoint TP-self-signed-2184062208

enrollment selfsigned

subject-name cn=IOS-Self-Signed-Certificate-2184062208

revocation-check none

rsakeypair TP-self-signed-2184062208

!

crypto pki certificate chain TP-self-signed-2184062208

certificate self-signed 01

1111111111111xxxxxx

xxxxxxxxxxxxxxxxx

quit

I'd like to know how to do it...please provide me with any docs. Unfortunately, I can't find documentation for 2960 switch, just for routers.

Thank you,

forman

ankugarg · ‎09-23-2011

I am not sure,but just want to ask if they are not generated automatically ?

manju.cisco · ‎09-23-2011

Any IOS which is a crypto IOS(ssh feature) will have this automatically generated on the switch/router. This crypto is what we use for ssh login.

you can also generate one using command "crypto key generate rsa general-keys modulus 1024 "

Richard Burts · ‎09-23-2011

Your comments are correct about the crypto key that is generated for SSH. But that is not what the original post was asking about. The original post is asking about:

crypto pki trustpoint TP-self-signed-2184062208

and about

crypto pki certificate chain TP-self-signed-2184062208

These are not the crypto RSA keys used for SSH. These typically are generated if the IOS device enables

ip http secure-server

They could also be generated if you configure features like remote access SSL VPN on the IOS device.

And yes, if the feature is configured then the self signed certificate is automatically generated. You do not have to do anything manual to generate the self signed certificate.

HTH

Rick

HTH

Rick

manju.cisco · ‎09-24-2011

Thanks Rick for explaining about certificate TP-self-signed, even i didnt knew this till today