SSL Certificate on Cisco router

doug_3002 · ‎11-27-2014

I am upgrading a router from a Cisco 1800 to Cisco 2900. The Cisco 1800 currently has SSL VPN with a godaddy Trustpoint and cert. Can I export the cert from the 1800 to the 2900 and it work...or is the Cert tied to the 1800 and will not work on the 2900!

Marcin Latosiewicz · ‎11-27-2014

Certificate might not be enough. You'd also need your private key.

So it might depend whether the RSA key is exportable or not.

Look into pkcs12 export and import.

doug_3002 · ‎11-27-2014

Based on my research, if the router has IOS release 12.2(15)T and newer, you can use the exportable keyword to export the keypair.

If the router has 12.3(4)T and newer, you can use the exportable and pem key workds to export both the cert and the keypair. I think this would be the easiest to do, am i understanding this correctly?

How can I tell if the tech before me used the exportable keyword or not?

Marcin Latosiewicz · ‎11-28-2014

Spoke1#sh crypto key mypubkey rsa 

% Key pair was generated at: 09:26:35 CET Nov 28 2014

Key name: TEST

Key type: RSA KEYS

 Storage Device: not specified

 Usage: General Purpose Key

 Key is exportable.