How do I delete then create a new self signed Cert for sslvpn?

Unanswered Question
Nov 26th, 2009

I have an 881w router with IOS 15.0.1m. I messed up creating one, and now I need to delete it and then redo it. I delete it in C pro and then reboot the router and it's back. I think it's the main one, could be wrong. I'd like to do it in CLI.


Ivan Martinon Wed, 12/02/2009 - 11:36

As far as I remember, the self-signed certificate that comes with the router will always be regenerated at every reboot. Why don't you create a different trustpoint and make that a self-signed certificate, creating the cert and then using it where you need it?

Ricardo Prado Rueda Wed, 12/02/2009 - 11:37


Since you are using a Web GUI to configure the router, the SSL certificate will be re-generated after a reload since the router acts as an HTTPS server. To do this through the CLI use the following steps:

1. Remove the crypto trustpoint that was auto-generated. Example:

ROUTER#config t
Enter configuration commands, one per line.  End with CNTL/Z.
ROUTER(config)#no crypto pki trustpoint TP-self-signed-32922157
% Removing an enrolled trustpoint will destroy all certificates
received from the related Certificate Authority.

Are you sure you want to do this? [yes/no]: yes
% Be sure to ask the CA administrator to revoke your certificates.


2. Generate RSA key:

ROUTER(config)#crypto key generate rsa general-keys label modulus 1024 exportable

3. Create PKI trustpoint:

ROUTER(config)#crypto pki trustpoint

ROUTER(ca-trustpoint)#enrollment selfsigned



4. Enroll trustpoint:

ROUTER(config)#crypto pki enroll

% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes

Router Self Signed Certificate successfully created
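
The four steps above as one sequence, followed by binding the new certificate to the SSL VPN gateway and the HTTPS server. This is an added example, not part of the original posts. MY-SSLVPN-KEY, MY-SSLVPN-TP, SSLVPN-GW and vpn.example.com are placeholder names, and the 2048-bit modulus is an assumption (the post uses 1024).

```cisco
! Added example. MY-SSLVPN-KEY, MY-SSLVPN-TP, SSLVPN-GW and vpn.example.com
! are placeholders; substitute your own names.
configure terminal
 !
 ! 1. Remove the auto-generated trustpoint. The name below is the one shown
 !    in the thread; find yours with "show crypto pki trustpoints".
 !    IOS asks for confirmation before destroying the certificates.
 no crypto pki trustpoint TP-self-signed-32922157
 !
 ! 2. Generate a labelled RSA key pair. 2048 bits is an assumption here
 !    (the thread uses 1024). Drop "exportable" unless you need to back
 !    the private key up off the router.
 crypto key generate rsa general-keys label MY-SSLVPN-KEY modulus 2048 exportable
 !
 ! 3. Create a named self-signed trustpoint tied to that key pair.
 crypto pki trustpoint MY-SSLVPN-TP
  enrollment selfsigned
  subject-name CN=vpn.example.com
  revocation-check none
  rsakeypair MY-SSLVPN-KEY
  exit
 !
 ! 4. Enroll the trustpoint. This is interactive: answer the serial-number
 !    and IP-address prompts, then "yes" to generate the certificate.
 crypto pki enroll MY-SSLVPN-TP
 !
 ! 5. Point the SSL VPN gateway and the HTTPS server at the new trustpoint
 !    so neither falls back to an auto-generated TP-self-signed-* one.
 webvpn gateway SSLVPN-GW
  ssl trustpoint MY-SSLVPN-TP
  exit
 ip http secure-trustpoint MY-SSLVPN-TP
 end
!
! 6. Verify, then save. A self-signed certificate that is not written to
!    NVRAM is lost at the next reload.
show crypto pki trustpoints
show crypto pki certificates MY-SSLVPN-TP
write memory
```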

