Here's the thing. I was resetting a certificate on the company router (crypto key gen rsa). I think I started wrong and used the wrong command set.
crypto pki trustpoint xxx
So - long story short, I now have a new certificate root authority showing on the SSL certificate on my Exchange clients. It looks like my Exchange server has used my router as a Certificate Authority.
Has anyone heard of this happening or know how to mitigate it in future?
Heres some relevant prints:
MyRouter#sh crypto pki trustpoints
Serial Number (hex): 01
Application generated trust point
MyRouter#show crypto key mypubkey rsa
% Key pair was generated at: 07:17:02 Apr 20 2012
Key name: HTTPS_SS_CERT_KEYPAIR
Storage Device: private-config
Usage: General Purpose Key
Key is not exportable.
Key Data: HEX HEX HEX
I dont know what this cert is.
On my Exchange SSL certificate, it now says MyRouter.MyDomain.com in the certification path instead of the certificate authority that would be needed to verify it.
Ive managed to redo the certificate (otherwise I'd be out of a job right now) but I wanted to know whats gone wrong?
Any help much appreciated.