cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1504
Views
0
Helpful
7
Replies

Renew ios crypto pki server expired certificate

georgezptl
Level 1
Level 1

Hi 

My cisco ios router ca server certificate is about to expire how do i renew it

 

thanks

7 Replies 7

Hi,

What enrollment method are you using SCEP or terminal (manual)?

Either way you run crypto pki enroll <TRUSTPOINT NAME>. If you are using SCEP it should automatically pull the certificate, if using terminal it will display the CSR in the terminal, at which point you copy the CSR and get it signed by the CA, before importing the signed certificate.

 

Refer to this example here which demostrates the commands required.

 

HTH

hello,

 

the certificate was generated on the router it self, the router acts as the CA server

 

crypto pki server CA-Server
database level complete
issuer-name **********************
grant none
hash sha1
lifetime certificate 730
lifetime ca-certificate 1825
auto-rollover
database url flash:/CA/

 

Still the process same, for Local CA also.

 

I have attached good document for reference.

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

so just run command crypto pki enroll <TRUSTPOINT NAME>  and thats it ?

Yes. The trustpoint name has the configuration, running that command will enrol and install the certificate, assuming the configuration is setup and working correctly.

Its been working for 4 years now, so I do not think there will be any issue. Must I shutdown the ca server first?

No, if you shutdown the CA it will not issue a certificate.