07-03-2020 08:04 AM
HI
I have enabled NETCONF on a lab CSR1000V and I am getting message on terminal as below
NETCONF/SSH: error: Trustpoint does not have a cert
Also I am unable to connect to it via yang explorer from my Ubuntu machine.
My running config is as below:
R1#sh running-config
Building configuration...
Current configuration : 1482 bytes
!
! Last configuration change at 20:14:45 UTC Fri Jul 3 2020 by k
!
version 16.6
service timestamps debug datetime msec
service timestamps log datetime msec
platform qfp utilization monitor load 80
no platform punt-keepalive disable-kernel-core
platform console virtual
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip domain name kj.com
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
!
!
!
!
!
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
license udi pid CSR1000V sn 9OG0Q0W7LHE
license boot level ax
diagnostic bootup level minimal
spanning-tree extend system-id
!
netconf-yang
!
!
username k privilege 15 password 0 kk
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface GigabitEthernet1
ip address 192.168.1.100 255.255.255.0
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet2
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
interface GigabitEthernet3
no ip address
shutdown
negotiation auto
no mop enabled
no mop sysid
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
ip http server
ip http authentication local
ip http secure-server
!
ip ssh version 2
ip ssh server algorithm encryption aes128-ctr aes192-ctr aes256-ctr
ip ssh client algorithm encryption aes128-ctr aes192-ctr aes256-ctr
!
!
!
!
!
control-plane
!
!
!
!
!
!
line con 0
stopbits 1
line vty 0 4
login local
transport input ssh
!
netconf ssh
!
!
!
!
!
end
07-17-2020 01:42 AM
This issue appears to be a result of self-signed certificates on IOS/IOS-XE platforms expiring on Jan 1st 2020.
The resolution is to upgrade to a newer version of IOS where this issue has been fixed, however I was only testing and able to workaround by changing the time/date to pre Jan 1st 2020.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide