How do I delete then create a new self signed Cert for sslvpn?

xler8or32
Level 1

I have an 881w router with IOS 15.0.1m. I messed up creating one, now I need to delete it then redo it. I delete it in C pro and then reboot the router and it's back. I think it's the main one, could be wrong. I'd like to do it in CLI.

Thanks

2 Replies

Ivan Martinon
Level 7

As far as I remember, the self-signed certificate that comes with the router will always be regenerated at every reboot. Why don't you create a different trustpoint and make that a self-signed certificate, creating the cert and then using it where you need it?

Ricardo Prado Rueda
Cisco Employee

Hi,

Since you are using a Web GUI to configure the router, the SSL certificate will be re-generated after a reload since the router acts as an HTTPS server. To do this through the CLI use the following steps:

1. Remove the crypto trustpoint that was auto-generated. Example:

ROUTER#config t
Enter configuration commands, one per line.  End with CNTL/Z.
ROUTER(config)#no crypto pki trustpoint TP-self-signed-32922157
% Removing an enrolled trustpoint will destroy all certificates
received from the related Certificate Authority.

Are you sure you want to do this? [yes/no]: yes
% Be sure to ask the CA administrator to revoke your certificates.

ROUTER(config)#

2. Generate RSA key:

ROUTER(config)#crypto key generate rsa general-keys label <key-label> modulus 1024 exportable

3. Create PKI trustpoint:

ROUTER(config)#crypto pki trustpoint <trustpoint-name>

ROUTER(ca-trustpoint)#enrollment selfsigned

ROUTER(ca-trustpoint)#rsakeypair <key-label>

ROUTER(ca-trustpoint)#exit

4. Enroll trustpoint:

ROUTER(config)#crypto pki enroll <trustpoint-name>

% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes

Router Self Signed Certificate successfully created
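
The steps above as one consolidated IOS configuration, with the trustpoint bound to the SSL VPN gateway and the HTTPS server and then verified. This is an added example, not part of the original replies: the names MYVPN-KEY, MYVPN-TP, SSLVPN-GW and vpn.example.com are hypothetical, and the 2048-bit non-exportable key is this example's choice rather than the 1024-bit exportable key shown in the reply.

```cisco
! Added example. MYVPN-KEY, MYVPN-TP, SSLVPN-GW and vpn.example.com are
! hypothetical names; substitute your own. Run from global config mode.
!
! 1. Key pair with an explicit label. 2048 bits is an assumption of this
!    example. "exportable" is omitted so the private key cannot be exported
!    from the router; add it only if the key must be backed up elsewhere.
crypto key generate rsa general-keys label MYVPN-KEY modulus 2048
!
! 2. Named self-signed trustpoint tied to that key pair.
crypto pki trustpoint MYVPN-TP
 enrollment selfsigned
 subject-name CN=vpn.example.com
 rsakeypair MYVPN-KEY
 exit
!
! 3. Issue the certificate (answer the prompts as in step 4 of the reply).
crypto pki enroll MYVPN-TP
!
! 4. Point the services that present a certificate at the named trustpoint,
!    so they use it instead of an auto-generated TP-self-signed-* one.
webvpn gateway SSLVPN-GW
 ssl trustpoint MYVPN-TP
 exit
ip http secure-trustpoint MYVPN-TP
end
!
! 5. Verify from privileged exec mode, then save so it survives a reload.
show crypto key mypubkey rsa
show crypto pki trustpoints
show crypto pki certificates MYVPN-TP
show webvpn gateway
write memory
```

After a reload, `show crypto pki certificates MYVPN-TP` should list the same certificate serial number as before, which confirms the named trustpoint persisted and is the one in use.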