
PKI certificate loss after a failed renewal (auto-enrollment)!

Hi All,

My Cisco router uses a PKI certificate. The certificate used has an expiration date. The router is set to renew the certificate automatically (auto-enrollment) on a specified date (before the expiration date).

Problem: when the router cannot renew the certificate (obtain a new certificate) for any reason, it deletes the old certificate.

Does someone have an idea on this?

Does someone know where I can find documents that describe the certificate renewal process by routers?

Thank you for your help.
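As an added example (not code from this thread or from Cisco), the Python script below models the auto-enroll renewal window and audits a router's certificate inventory for the symptom described in the question: a trustpoint whose router certificate has disappeared although the old one had not expired. It assumes the `auto-enroll` percentage is measured over the certificate's full validity period, and the sample text is a constructed approximation of `show crypto pki certificates` output; the trustpoint names, serials and dates are invented.

```python
"""Model the auto-enroll renewal window and flag a lost or overdue router
certificate.  Added example; sample output and names are constructed."""
import re
from dataclasses import dataclass
from datetime import datetime, timezone

# Constructed sample, loosely modelled on 'show crypto pki certificates'.
# The exact field layout is an assumption; dates and serials are made up.
SAMPLE_SHOW_OUTPUT = """\
Certificate
  Status: Available
  Certificate Serial Number (hex): 0A
  Certificate Usage: General Purpose
  Subject:
    hostname=router1.example.com
  Validity Date:
    start date: 00:00:00 UTC Jan 1 2012
    end   date: 00:00:00 UTC Jan 1 2013
  Associated Trustpoints: LAB-CA

CA Certificate
  Status: Available
  Certificate Serial Number (hex): 01
  Certificate Usage: Signature
  Validity Date:
    start date: 00:00:00 UTC Jan 1 2010
    end   date: 00:00:00 UTC Jan 1 2020
  Associated Trustpoints: LAB-CA
"""


@dataclass
class RouterCert:
    kind: str          # "Certificate" (router cert) or "CA Certificate"
    status: str        # e.g. "Available"
    start: datetime
    end: datetime
    trustpoint: str


def _parse_date(text: str) -> datetime:
    """Parse '00:00:00 UTC Jan 1 2012' into an aware UTC datetime."""
    clean = re.sub(r"\s+UTC\s+", " ", text.strip())
    return datetime.strptime(clean, "%H:%M:%S %b %d %Y").replace(tzinfo=timezone.utc)


def parse_show_certificates(output: str) -> list:
    """Split the show output into blocks and pull the fields we need."""
    certs = []
    for block in re.split(r"\n\s*\n", output.strip()):
        lines = block.splitlines()
        kind = lines[0].strip()
        fields = {}
        for line in lines[1:]:
            m = re.match(r"\s*(start date|end\s+date|Status|Associated Trustpoints):\s*(.+)", line)
            if m:
                fields[re.sub(r"\s+", " ", m.group(1))] = m.group(2).strip()
        certs.append(RouterCert(kind, fields["Status"],
                                _parse_date(fields["start date"]),
                                _parse_date(fields["end date"]),
                                fields["Associated Trustpoints"]))
    return certs


def renewal_trigger(cert: RouterCert, percent: int) -> datetime:
    """Time at which 'auto-enroll <percent>' would fire: that fraction of the
    validity period, measured from the start date (assumption, see lead-in).
    Integer arithmetic keeps the result exact to the microsecond."""
    return cert.start + (cert.end - cert.start) * percent // 100


def audit(certs: list, auto_enroll_percent: int, now: datetime,
          expected_trustpoints: list) -> list:
    """Return (trustpoint, message) findings a defender would want to see:
    a trustpoint with no router certificate, an expired certificate, or a
    renewal window that has opened without a replacement appearing."""
    findings = []
    router_certs = [c for c in certs if c.kind == "Certificate" and c.status == "Available"]
    present = {c.trustpoint for c in router_certs}
    for tp in expected_trustpoints:
        if tp not in present:
            findings.append((tp, "no router certificate present; auto-enrollment may have failed"))
    for c in router_certs:
        trigger = renewal_trigger(c, auto_enroll_percent)
        if now >= c.end:
            findings.append((c.trustpoint, "router certificate expired"))
        elif now >= trigger:
            findings.append((c.trustpoint,
                             f"renewal window open since {trigger:%Y-%m-%d}; still on old certificate"))
    return findings


if __name__ == "__main__":
    inventory = parse_show_certificates(SAMPLE_SHOW_OUTPUT)
    for tp, msg in audit(inventory, 80, datetime.now(timezone.utc), ["LAB-CA", "BRANCH-CA"]):
        print(f"{tp}: {msg}")
```

Run it against the saved output of the show command on each router and alert on any finding; the "no router certificate present" case is exactly the state the question describes and would otherwise only surface when a VPN or SSH peer starts rejecting the router.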

2 REPLIES

Re: PKI certificate loss after a failed renewal (auto-enrollment)

When automatic enrollment is configured, clients automatically request client certificates. The CA server performs its own authorization checks; if these checks include a policy to automatically issue certificates, all clients will automatically receive certificates, which is not very secure. Thus, automatic certificate enrollment should be combined with additional authentication and authorization mechanisms (such as Secure Device Provisioning (SDP), leveraging existing certificates, and one-time passwords).

http://www.cisco.com/en/US/docs/ios/security/configuration/guide/sec_cert_enroll_pki_ps6017_TSD_Products_Configuration_Guide_Chapter


Re: PKI certificate loss after a failed renewal (auto-enrollment)

Thank you for your help.

Specifically, my question is how to explain that the router deletes the old certificate if it does not get a new certificate. The old certificate is still valid (it has not yet expired).

There is no bug referenced about it.

Thank you.
