
IOS VPN - deleted crypto pki certificate???

Deepseadata
Level 1

Man o man I'm getting burnt out over all this.

I wiped out my VPN config to start from scratch.

When I entered:

no crypto pki certificate chain TP-self-signed-3884018817

It asked:

Are you sure (y/n) Y - but I wasn't sure.

It replied with

"be sure to ask your CA administrator to revoke your certificates"

I hope I can still generate an RSA key pair.

3 Replies

remi-reszka
Level 1

No worries, you can always create new RSA keys. It depends on what you are trying to use them for.

Were you using them for ISAKMP authentication or for SSH connection?

Thanks,

Remi

I'm trying to set up my VPN. SDM created a bunch of entries that I wanted to delete.

Now I can't seem to generate the chain with all the codes.

This is scary

How about going to CLI and deleting the RSA keys first with "crypto key zeroize rsa" from global configuration mode?

Also try the following commands in exec privileged mode:

"show crypto key mypubkey rsa"

"show crypto key pubkey-chain rsa"

You should see no entries after deleting the RSA keys with the above command.

It looks like you were trying to generate self-signed certificates for IPSec VPN authentication, am I right?

I don't do much work with SDM though because you don't have much control over what commands SDM is going to deliver to the router config. Try using more CLI, you will also understand more.

If you want you can attach your config file so I could take a look.

Hope it helps.

Remi