Certificate expiry on IOS routers

Unanswered Question
May 13th, 2009

Hello,

I have a setup where 30 branches auto enroll from a CA server located at the HO. I have no problem with this part, however when i issue the show ca certificates on any routers, I see two certificates( one used for the initiation of the ipsec tunnels and another one used for authenticating the trustpoint)

This last one will expire soon, what will happen if this last one expires? and is there a way to automatically reauthenticate all trustpoints?

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
jbayuka Tue, 05/19/2009 - 09:08

The Edit Trustpoint Configuration > Enrollment Settings tab lets you modify information about the selected trustpoint. You can select the option called "Use automatic enrollment" for this purpose. Use automatic enrollment-Specify intention to use SCEP mode. When the indicated trustpoint is configured for SCEP enrollment, the security appliance then downloads the certificates using the SCEP protocol

http://www.cisco.com/en/US/docs/security/asa/asa72/asdm52/user/guide/certs.html#wp1208362

k.abillama Thu, 05/21/2009 - 23:57

Hi,

MAybe you responded to another question :)

First, I don't have an ASA but an IOS router, second the auto enrollment is already configured, just reviewe the question please

Regards

Actions

This Discussion