Cannot configure SSL VPN from CCP for IOS router

Unanswered Question
Jan 4th, 2010
User Badges:

Hi folks,

Can someone please tell me what I did wrong to configure SSL VPN while using CCP. I have 1841 router running c1841-advsecurityk9-mz.124-24.T2.bin. Having it preconfigured for CCP I connected to the router and trying to create a new SSL VPN. In response I see the error message saying that I have to configure a persistent self-signed certificate. This is what is not clear to me, I have already created it. This is what I have in router running config:

crypto pki trustpoint TP-self-signed-2993568318
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-2993568318
revocation-check none
rsakeypair TP-self-signed-2993568318
crypto pki certificate chain TP-self-signed-2993568318
certificate self-signed 03
  30820254 308201BD A0030201 02020103 300D0609 2A864886 F70D0101 04050030
  ........ (omitted for brevity)........
  A9C14004 16AF46DB 7FAC044E 90F69E0D 6758D494 9F7AE48E

How come CCP doesn't recognize it? And moreover, if I generate it from CCP the following code is delivered to the router config

crypto ca trustpoint GIBSGW_Certificate
rsakeypair GIBSGW_Certificate_RSAKey 512
subject-name, OU=IT, O=GIB, ST=BC, C=CA
ip-address none
enrollment selfsigned
serial-number none

and next time I try to create a new SSL VPN it starts over again, namely saying that I don't have the self-signed certificate. And somehow I see that more lines showed in the router's config:

crypto pki trustpoint test_trustpoint_config_created_for_sdm

subject-name [email protected]
revocation-check crl

crypto pki certificate chain test_trustpoint_config_created_for_sdm

What does test_trustpoint_config_created_for_sdm have to do with it?

Please help, banging my head and pulling my hair !!!


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion