Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Certificate expiry on IOS routers

Unanswered Question
May 13th, 2009
User Badges:


I have a setup where 30 branches auto enroll from a CA server located at the HO. I have no problem with this part, however when i issue the show ca certificates on any routers, I see two certificates( one used for the initiation of the ipsec tunnels and another one used for authenticating the trustpoint)

This last one will expire soon, what will happen if this last one expires? and is there a way to automatically reauthenticate all trustpoints?

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
jbayuka Tue, 05/19/2009 - 09:08
User Badges:
  • Bronze, 100 points or more

The Edit Trustpoint Configuration > Enrollment Settings tab lets you modify information about the selected trustpoint. You can select the option called "Use automatic enrollment" for this purpose. Use automatic enrollment-Specify intention to use SCEP mode. When the indicated trustpoint is configured for SCEP enrollment, the security appliance then downloads the certificates using the SCEP protocol


k.abillama Thu, 05/21/2009 - 23:57
User Badges:


MAybe you responded to another question :)

First, I don't have an ASA but an IOS router, second the auto enrollment is already configured, just reviewe the question please



This Discussion