Crypto pki cert info in config?

roderickmcdonald · ‎03-02-2010

I noticed there is a command located on 1 switch in the network. I don't recall running this command, where could it originate from?

crypto pki certificate chain TP-self-signed-2380499712

certificate self-signed 01 nvram:IOS-Self-Sig#3232.cer

Thanks

vaelliott · ‎03-02-2010

Any recent IOS upgrades?

contech-nelsong · ‎03-02-2010

Have you turned on ip http secure-server?

Ganesh Hariharan · ‎03-02-2010

I noticed there is a command located on 1 switch in the network. I don't recall running this command, where could it originate from?

crypto pki certificate chain TP-self-signed-2380499712

certificate self-signed 01 nvram:IOS-Self-Sig#3232.cer

Thanks

Hi,

This part declares the CA that your router should use and puts you in ca-trustpoint configuration mode. In this case you are using a self signed certificate, meaning you generated and signed the certificate yourself, instead of a trusted third party.
___________________________________________________
crypto pki trustpoint TP-self-signed-265710673
enrollment selfsigned
subject-name cn=IOS-Self-Signed-Certificate-265710673
revocation-check none
rsakeypair TP-self-signed-265710673
!
!
This part defines the certificate chain of the certificate in use. Meaning the trusted third party that signed the certificate, in this case yourself because it is a self signed certificate.
__________________________________________________________________________________________________________________________
crypto pki certificate chain TP-self-signed-265710673
certificate self-signed 01 nvram:IOS-Self-Sig#3301.cer

This certificate can be used for many pruposes, one being for instance SSL encryption for the management site and PKI, (public key infrastructure) is used for allowing https access, among other things also.

Hope to Help !!

Remember to rate the helpful post

Ganesh.H