Buy or Renew
Buy or Renew
NOTICE: You can now engage in the community. Learn about the great new Cisco Umbrella content.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
849
Views
0
Helpful
2
Replies

PKI cerificate server in DMVPN network:EEM script

Go to solution
lap
Level 2
Level 2

‎09-13-2011 04:31 AM - edited ‎02-21-2020 05:34 PM

Hi all,

Before to jump into the subject I have two questions:

1) When the root certificate expire is it possibe to renew it automatically?

2) When a Spoke certificate is renew will the spoke save the new certificate in NVRAM?

----------------------------------------------------------------------------------------------------------------------------------

What I am looking for is a solution that could send a log/mail to our customer 2 days (for example) before the certificate expire on the SPOKE/ROOT CA. It could be a TCL script or EEM script.

Any ideas folks on how it could be made best?

Thanks in advance.

Regards,

Laurent

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎09-16-2011 01:01 AM

Laurent,

If you enrolled via SCEP, as far as I remember, timers for both CA and indetitiy cert rollover are kept (you can check in "show crypto pki timer").

We do not not automatically stope the certificate to running configuration, you have to perform a manual "wri" when enrollment (or re-enrollment is done), this is to be able to recover if things do not go your way.

I have never created such a script but it will heavily depend on your current configuration/deployment scenario.

Marcin

View solution in original post

0 Helpful
2 Replies 2

Go to solution
Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎09-16-2011 01:01 AM

Laurent,

If you enrolled via SCEP, as far as I remember, timers for both CA and indetitiy cert rollover are kept (you can check in "show crypto pki timer").

We do not not automatically stope the certificate to running configuration, you have to perform a manual "wri" when enrollment (or re-enrollment is done), this is to be able to recover if things do not go your way.

I have never created such a script but it will heavily depend on your current configuration/deployment scenario.

Marcin

0 Helpful

Go to solution
lap
Level 2
Level 2
In response to Marcin Latosiewicz

‎10-21-2011 01:45 AM

Hi Marcin,

Sorry for the late reply. Thanks for your help.

/Laurent

0 Helpful
Customers Also Viewed These Support Documents