Several times now (once on a 2960 and once on a 3560) I have generated RSA keys for use with ssh by issuing the following command: #crypto key generate rsa general-keys modulus 2048
The rsa keys are generated successfully and ssh to the switch works. HOWEVER when I reload the switch it generates its own pki self signed keys as well.
These pki keys do not present themselves in the config until after the reload of the switch. I don't know why these pki keys are being generated. I am not intentionally configuring the switch to generate pki keys. So I am unclear why this is happening. Can anyone tell me what I am doing wrong? Thanks for any info.
If a CA trustpoint is not configured for the device running the HTTPS server, the server certifies itself
and generates the needed RSA key pair. This is why the key pair is generated automatically after reload.
Check if "hostname" and "domain names" and "CA TRUSTPOINT" are configured using the
command "show running-config".
For more info on Configuring a CA Trustpoint and the Switch for Secure Socket Layer HTTP refer:
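The check suggested in the answer above, written as an added example that is not part of the original thread or any Cisco tooling: a small parser for saved "show running-config" output that reports the hostname, domain name, trustpoints, and whether the HTTPS server would certify itself. The sample config is constructed, `audit_config` is a hypothetical name, and the code assumes any trustpoint without `enrollment selfsigned` is a CA trustpoint.

```python
import re

# Constructed sample of "show running-config" output (not from the thread).
SAMPLE_CONFIG = """\
hostname SW1
!
ip domain-name example.com
!
crypto pki trustpoint TP-self-signed-1234567890
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-1234567890
 revocation-check none
 rsakeypair TP-self-signed-1234567890
!
ip http secure-server
"""

TRUSTPOINT_RE = re.compile(r"^crypto (?:pki|ca) trustpoint (\S+)$")


def audit_config(text):
    """Report the settings the answer says to check, plus HTTPS server state."""
    result = {"hostname": None, "domain_name": None,
              "https_server": False, "trustpoints": {}}
    current = None  # name of the trustpoint block being parsed
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line.startswith(" "):
            current = None  # any unindented line ends a sub-mode block
        m = TRUSTPOINT_RE.match(line)
        if m:
            current = m.group(1)
            result["trustpoints"][current] = {"self_signed": False}
        elif current and line.strip() == "enrollment selfsigned":
            result["trustpoints"][current]["self_signed"] = True
        elif line.startswith("hostname "):
            result["hostname"] = line.split(None, 1)[1]
        elif re.match(r"^ip domain[- ]name ", line):
            result["domain_name"] = line.split()[-1]
        elif line == "ip http secure-server":
            result["https_server"] = True
    # Assumption: a trustpoint not marked selfsigned is a CA trustpoint.
    ca = [n for n, t in result["trustpoints"].items() if not t["self_signed"]]
    result["ca_trustpoints"] = ca
    # Per the answer: HTTPS server with no CA trustpoint certifies itself.
    result["self_certifies"] = result["https_server"] and not ca
    return result
```

A result with `self_certifies` set to True matches the situation in the question: the HTTPS server is enabled and only a self-signed trustpoint (or none) exists.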