Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
783
Views
13
Helpful
5
Replies

Self Signed Certificate CSS 11 500

Gomez
Level 1
Level 1

‎04-06-2007 05:04 AM

Hi,

I have created a self signed certificate on the CSS 11500.

It's a certificate for internal use. How long is this valid.

I used the command:

ssl gencert certkey "cerkey" signkey "signkey" cerfile "password".

I read it is only valid for 30 days? Can i prolong this date?

Frederik.

Labels:
0 Helpful
5 Replies 5

Gilles Dufour
Cisco Employee
Cisco Employee

‎04-06-2007 06:28 AM

I believe the new cert have a valid date of 1 year. But I'm not 100% sure.

You can export the certificate and use openssl to verify.

If you need a different date, the only solution is create the self signed certificate your self using openssl on a pc.

Gilles.

joquesada
Level 1
Level 1
In response to Gilles Dufour

‎04-08-2007 01:54 PM

Hi Frederik,

A self-signed cert from the CSS is only valid for 30 days and unfortunately, there is no way to extend this.

You can definitely create another cert with the same information as the previous one and use again, but you would need to do it every 30 days. Thanks!

Regards,

Jose.

Gilles Dufour
Cisco Employee
Cisco Employee
In response to joquesada

‎04-09-2007 12:35 AM

Jose,

as I said, the cert is now valid for 1 year

I just did the test to verify.

See the validity below.

[root@linux-1 tftpboot]# openssl x509 -in css_self_cert -text

Certificate:

Data:

Version: 1 (0x0)

Serial Number: 1 (0x1)

Signature Algorithm: md5WithRSAEncryption

Issuer: C=US, ST=Ma, L=Boston, O=Cisco Systems, OU=BU, CN=www.gduf.cisco.com/emailAddress=webadmin@acompanyname.com

Validity

Not Before: Apr 9 04:13:46 2007 GMT

Not After : Apr 9 04:13:46 2008 GMT

Gilles.

veriton
Level 1
Level 1
In response to Gilles Dufour

‎03-17-2008 11:04 AM

Hello Giles,

I'm interested that your certificate has a year's validity.

I haven't tried this yet but according to the 8.2 docs it looks like only 30 days:

http://www.cisco.com/en/US/customer/docs/app_ntwk_services/data_center_app_services/css11500series/v8.20/configuration/ssl/guide/certkeys.html#wp999000

Is this an error in the docs? Which software version is your CSS running?

Thanks!

Simon

0 Helpful

Gilles Dufour
Cisco Employee
Cisco Employee
In response to veriton

‎03-18-2008 07:26 AM

Simon,

I did the test again today and the date is 1 year with css version 8.20

So the doc is wrong and I will have it corrected.

[root@linux-1 VER4]# openssl x509 -in /tftpboot/mycertnew -text

Certificate:

Data:

Version: 1 (0x0)

Serial Number: 2 (0x2)

Signature Algorithm: md5WithRSAEncryption

Issuer: C=US, ST=SomeState, L=SomeCity, O=A Company Name, OU=Web Administration, CN=www.acompanyname.com/emailAddress=webadmin@acompanyname.com

Validity

Not Before: Mar 18 10:02:16 2008 GMT

Not After : Mar 18 10:02:16 2009 GMT

Gilles.

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents