09-23-2011 06:36 AM - edited 03-07-2019 02:23 AM
Hi,
I'm trying to figure what commands would generate the following output in run config: (IOS 12.2(58)SE1:
crypto pki trustpoint TP-self-signed-2184062208
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2184062208
revocation-check none
rsakeypair TP-self-signed-2184062208
!
!
crypto pki certificate chain TP-self-signed-2184062208
certificate self-signed 01
1111111111111xxxxxx
xxxxxxxxxxxxxxxxx
quit
I'd like to know how to do it...please provide me with any docs. Unfortunately, I can't find documentation for 2960 switch, just for routers.
Thank you,
forman
09-23-2011 08:40 AM
I am not sure,but just want to ask if they are not generated automatically ?
09-23-2011 12:06 PM
Any IOS which is a crypto IOS(ssh feature) will have this automatically generated on the switch/router. This crypto is what we use for ssh login.
you can also generate one using command "crypto key generate rsa general-keys modulus 1024 "
09-23-2011 07:56 PM
Your comments are correct about the crypto key that is generated for SSH. But that is not what the original post was asking about. The original post is asking about:
crypto pki trustpoint TP-self-signed-2184062208
and about
crypto pki certificate chain TP-self-signed-2184062208
These are not the crypto RSA keys used for SSH. These typically are generated if the IOS device enables
ip http secure-server
They could also be generated if you configure features like remote access SSL VPN on the IOS device.
And yes, if the feature is configured then the self signed certificate is automatically generated. You do not have to do anything manual to generate the self signed certificate.
HTH
Rick
09-24-2011 02:20 AM
Thanks Rick for explaining about certificate TP-self-signed, even i didnt knew this till today
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide