11-26-2009 04:57 AM
I have a 881w router with IOS 15.0.1m. I messed up creating one now I need to delete it then redo it. I delete it in C pro and then reboot the router and its back. I think its the main one, could be wrong. Id like to do it in CLI.
ThanKS
12-02-2009 11:36 AM
As far as I remember, the self signed certificate that comes with the router will always be regenerated at every reboot, why don't you create a different trustpoint and make that a self singed certificate, creating the cert and then using it where you need it.
12-02-2009 11:37 AM
Hi,
Since you are using a Web GUI to configure the router, the SSL certificate will be re-generated after a reload since the router
acts as an HTTPS server. To do this through the CLI use the following steps:
1. Remove the crypto trustpoint that was auto-generated. Example:
ROUTER#config t
Enter configuration commands, one per line. End with CNTL/Z.
ROUTER(config)#no crypto pki trustpoint TP-self-signed-32922157
% Removing an enrolled trustpoint will destroy all certificates
received from the related Certificate Authority.
Are you sure you want to do this? [yes/no]: yes
% Be sure to ask the CA administrator to revoke your certificates.
ROUTER(config)#
2. Generate RSA key :
ROUTER(config)#crypto key generate rsa general-keys label
3. Create PKI trustpoint:
ROUTER(config)#crypto pki trustpoint
ROUTER(config)#enrollment selfsigned
ROUTER(config)#rsakeypair
ROUTER(config)#exit
4. Enroll trustpoint:
ROUTER(config)#crypto pki enroll
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes
Router Self Signed Certificate successfully created
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide