04-09-2008 01:12 PM - edited 03-05-2019 10:18 PM
Hi there,
Several times now (once on a 2960 and once on a 3560) I have generated RSA keys for use with ssh by issuing the following command: #crypto key generate rsa general-keys modulus 2048
The rsa keys are generated successfully and ssh to the switch works. HOWEVER, when I reload the switch it generates its own pki self-signed keys as well.
These pki keys do not present themselves in the config until after the reload of the switch. I don't know why these pki keys are being generated. I am not intentionally configuring the switch to generate pki keys. So I am unclear why this is happening. Can anyone tell me what I am doing wrong? Thanks for any info.
04-15-2008 10:09 AM
If a CA trustpoint is not configured for the device running the HTTPS server, the server certifies itself and generates the needed RSA key pair. This is why the key pair is generated automatically after reload.
Check if "hostname" and "domain names" and "CA TRUSTPOINT" are configured using the command "show running-config".
For more info on Configuring a CA Trustpoint and the Switch for Secure Socket Layer HTTP refer:
04-15-2008 10:59 AM
Hadbou,
Thank you for responding with an answer to my question and providing the URL where I can read more information. It is appreciated.
Pete.
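The check suggested in the accepted answer, as an added example that is not part of the original thread: a Python sketch that reads saved "show running-config" output and reports whether hostname, domain name and a CA trustpoint are configured, and whether the HTTPS server is enabled without one. The sample config, the function names and the rule that a trustpoint named TP-self-signed-* or using "enrollment selfsigned" is not a CA trustpoint are assumptions of this example.

```python
import re

# Constructed sample of "show running-config" output (not from the original thread).
SAMPLE_CONFIG = """\
hostname SW-ACCESS-01
!
ip domain-name example.net
!
crypto pki trustpoint TP-self-signed-1234567890
 enrollment selfsigned
 rsakeypair TP-self-signed-1234567890
!
ip http server
ip http secure-server
"""

def parse_trustpoints(config):
    """Return {trustpoint name: enrollment line} for every 'crypto pki trustpoint' block."""
    trustpoints, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto pki trustpoint (\S+)", line)
        if m:
            current = m.group(1)
            trustpoints[current] = ""
        elif current and line.startswith(" "):
            if line.strip().startswith("enrollment"):
                trustpoints[current] = line.strip()
        else:
            current = None  # "!" or any top-level command closes the block
    return trustpoints

def audit(config):
    """Report the items the answer says to check, plus whether HTTPS is enabled."""
    tps = parse_trustpoints(config)
    # Assumption: self-signed trustpoints do not count as a CA trustpoint.
    ca_tps = [n for n, enr in tps.items()
              if "selfsigned" not in enr and not n.startswith("TP-self-signed")]
    lines = config.splitlines()
    https = any(l.strip() == "ip http secure-server" for l in lines)
    return {
        "hostname": any(re.match(r"hostname \S+", l) for l in lines),
        "domain_name": any(re.match(r"ip domain[- ]name \S+", l) for l in lines),
        "https_server": https,
        "ca_trustpoints": ca_tps,
        "self_signed_expected": https and not ca_tps,
    }

if __name__ == "__main__":
    for key, value in audit(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```

A result of self_signed_expected: True matches the behaviour described in the thread: the HTTPS server is on, no CA trustpoint exists, so the switch certifies itself.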