
SSL Cert snafu - I've managed to push my router CA out to my MS Exchange server

Unanswered Question
Apr 25th, 2012

Hi all,


Here's the thing. I was resetting a certificate on the company router (crypto key gen rsa). I think I started wrong and used the wrong command set.


crypto pki trustpoint xxx

etc

etc


So - long story short, I now have a new certificate root authority showing on the SSL certificate on my Exchange clients. It looks like my Exchange server has used my router as a Certificate Authority.


Has anyone heard of this happening or know how to mitigate it in future?


Here's some relevant prints:


MyRouter#sh crypto pki trustpoints


Trustpoint HTTPS_SS_CERT_KEYPAIR:
    Subject Name:
    serialNumber=FCZ123456BR+hostname=MyRouter.MyDomain.com
    cn=MyRouter.MyDomain.com
          Serial Number (hex): 01
    Application generated trust point


MyRouter#show crypto key mypubkey rsa


% Key pair was generated at: 07:17:02 Apr 20 2012
Key name: HTTPS_SS_CERT_KEYPAIR
Storage Device: private-config
Usage: General Purpose Key
Key is not exportable.
Key Data: HEX HEX HEX


I don't know what this cert is.


On my Exchange SSL certificate, it now says MyRouter.MyDomain.com in the certification path instead of the certificate authority that would be needed to verify it.


I've managed to redo the certificate (otherwise I'd be out of a job right now) but I wanted to know what's gone wrong?


Any help much appreciated.


Thanks.
