Cisco Support Community

New Member

Crypto Key Commands

I manage several switches and I am learning as I go. Every switch has this shown when I do a "sh run" command:

crypto pki trustpoint TP-self-signed-3087790464
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3087790464
 revocation-check none
 rsakeypair TP-self-signed-3087790464
!
!
crypto pki certificate chain TP-self-signed-3087790464
 certificate self-signed 07
  3058432D  213548E  1254897 35987D4  23647E9  135A158 
  "These numbers repeat for several rows"
!
!
!

What does all this mean? Is it all generated when a command is entered or did someone enter these for encryption purposes? I am only a CCNA so please keep that in mind when explaining this. Also what commands are entered to get this output?

Any help would be greatly appreciated.

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Crypto Key Commands

David

In my experience those lines are generally generated by the router itself in response to the configuration command

ip http secure-server

(which is generally enabled by default). Having those lines in the config does not hurt anything. If you want to use the secure server (https to your switch address for management purposes) then you do need these lines. If you don't want the secure server enabled then you can disable this function and then you could remove the self-signed certificate.

HTH

Rick

New Member

Crypto Key Commands

The crypto pki-statements are created when 'ip http secure-server' is enabled and you issue a 'create crypto key'-command for enabling SSH.

As Rick wrote, those lines do not hurt you and can be deleted if you do not need https-server.

If you want to avoid them in the beginning, just configure 'no ip http secure-server' before creating crypto keys.
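
As an added example (not part of either reply, and not Cisco tooling): a small Python check that reads a saved running-config, finds self-signed trustpoints like the one in the question, and reports whether `ip http secure-server` still relies on them. The sample config is constructed and the function names are hypothetical; it assumes sub-commands are indented as in real `show run` output.

```python
import re
# Constructed sample modelled on the output quoted in the question.
SAMPLE_CONFIG = """\
crypto pki trustpoint TP-self-signed-3087790464
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-3087790464
 revocation-check none
 rsakeypair TP-self-signed-3087790464
!
crypto pki certificate chain TP-self-signed-3087790464
 certificate self-signed 07
!
ip http secure-server
"""

def parse_trustpoints(config):
    """Return {name: {subcommand: value}} for each 'crypto pki trustpoint' block."""
    trustpoints, current = {}, None
    for line in config.splitlines():
        m = re.match(r"crypto pki trustpoint (\S+)", line)
        if m:
            current = trustpoints.setdefault(m.group(1), {})
        elif current is not None and line.startswith(" ") and line.strip():
            key, _, value = line.strip().partition(" ")
            current[key] = value
        else:
            current = None  # '!' or any top-level command ends the block
    return trustpoints

def https_server_state(config):
    """True/False if the config states it, None if no such line is present."""
    lines = [l.strip() for l in config.splitlines()]
    if "no ip http secure-server" in lines:
        return False
    return True if "ip http secure-server" in lines else None

def audit(config):
    """List self-signed trustpoints and whether the HTTPS server still needs them."""
    https = https_server_state(config)
    report = []
    for name, opts in parse_trustpoints(config).items():
        if opts.get("enrollment") == "selfsigned":
            status = {True: "in use by HTTPS server", False: "HTTPS server disabled; removable",
                      None: "HTTPS server state not shown"}[https]
            report.append((name, opts.get("rsakeypair"), status))
    return report

if __name__ == "__main__":
    print(audit(SAMPLE_CONFIG))
```
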
