Cisco IOS Certificate Server CA root query

Nicholas Poole
Level 1

I am in the middle of labbing a DMVPN environment and after getting it working with PSK, I have got it working with certificates by setting up a Cisco IOS Certificate Server and enrolling all routers.

I have noticed that my router identity certificates seem to auto refresh/enroll their certificates OK, but I am concerned about what is going to happen with the validity of the root certificate, which has a finite set time.

Can anyone explain what I would need to do to ensure the root CA certificate doesn't expire, or how to replace the root cert without having to delete all the certificates on all routers?

When I check out the options I can configure inside the 'crypto pki server' or '...trustpoint' for the CA, I can't seem to find anything that makes sense, or change anything as it's in use.

1 Reply

Marcin Latosiewicz
Cisco Employee

You're mentioning the "rollover" process.

And you have the option to automatically roll over... not sure what you configured; "show crypto pki timer" will show you what the active PKI timers are... maybe rollover is already there?

I believe you'd be interested in this:

http://www.cisco.com/en/US/docs/ios/sec_secure_connectivity/configuration/guide/sec_cfg_mng_cert_serv_ps6441_TSD_Products_Configuration_Guide_Chapter.html#wp1193946
