Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
709
Views
0
Helpful
1
Replies

Anyconnect: selfsigned trustpoint on router not being fully created

M-Square
Level 1
Level 1

‎01-09-2020 11:08 AM

Hello - 

 

I have run into issues attempting to get Anycconect running on an C921 IOS router.  The config has taken fin and I have installed the Anyconnect PKG etc.  The issue I am finding is when i enter "ip http secure-server" it doesn't create the cert as anticipated.  I have attempted zeroing out the rsa key and disabling ip http secure-server and recreating but no change.  I can SSH to the router so that is good but I cannot get the WAN side of the router to produce the HTTPS page, it just fails.

 

Using ip http secure-server does create the below but nothing after the chain portion.

crypto pki trustpoint TP-self-signed-2175254956
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2175254956
revocation-check none
rsakeypair TP-self-signed-2175254956
!
!
crypto pki certificate chain TP-self-signed-2175254956

 

 

 

What I anticipate seeing since we have done this many times is something like;

crypto pki trustpoint TP-self-signed-818839581
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-818839581
revocation-check none
rsakeypair TP-self-signed-818839581
!
!
crypto pki certificate chain TP-self-signed-818839581
certificate self-signed 01
30820229 30820192 A0030201 02020101 300D0609 2A864886 F70D0101 05050030
30312E30 2C060355 04031325 494F532D 53656C66 2D536967 6E65642D 43657274
69666963 6174652D 38313838 33393538 31301E17 0D313531 30303732 32303730
395A170D 32303031 30313030 30303030 5A303031 2E302C06 03550403 1325494F
532D5365 6C662D53 69676E65 642D4365 72746966 69636174 652D3831 38383339
35383130 819F300D 06092A86 4886F70D 01010105 0003818D 00308189 02818100
9862512E FADA4DEF 9966FF09 42BDEDAE DE92EF61 5787AD43 126D7F37 F8E9F904
2A8F4618 49C3365F 9FABA47C 2E46BD03 6CC4844E 35FFF01A 21EB3A72 28F5C360
E274BE5C 31C8A98E 92F70E4E AC64D465 346C28F3 CD1F77DE 06BEA86D D03F1409
6E08619A 0E727226 039E7339 FD7A8C36 5E40F603 EC85CC69 7946E671 A19BA8C7
02030100 01A35330 51300F06 03551D13 0101FF04 05300301 01FF301F 0603551D
23041830 1680140A 1E7EA6EA 91AB2851 5A33F3FC AA5E6F96 CA635730 1D060355
1D0E0416 04140A1E 7EA6EA91 AB28515A 33F3FCAA 5E6F96CA 6357300D 06092A86
4886F70D 01010505 00038181 00758E71 C9B072A2 80284BFA E1449C64 6B96815D
A2769831 2BE6283A 63AEBC84 0D48BDEC 91ED2975 D962D049 CF27A95F F1D5AB5B
F8882CC6 2712AED6 3D8F1136 C20BE039 6F41F635 540ECF0B 747C36DE 1FF8DB51
C52D442B 86F2BFD3 2999E1FA C1EB2F49 955CBC22 693CBFD0 C7BE7A20 EF22CFBA
A52EA59C 81389D45 69A48083 E1
quit
!

Any thoughts?

 

Cheers

Labels:
0 Helpful
1 Reply 1

Rob Ingram
VIP
VIP

‎01-09-2020 11:25 AM

Hi,

Check out this document, this relates to IOS self-signed certificates expiring Jan 1st 2020 and new certificates cannot be created. You may need to upgrade your firmware.

 

HTH

0 Helpful
Customers Also Viewed These Support Documents