Cisco Support Community

Switch Certificates ??

What CLI commands are required to generate an output similar to the following (extracted from a show run):

crypto pki trustpoint TP-self-signed-793647744
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-793647744
 revocation-check none
 rsakeypair TP-self-signed-793647744

crypto ca certificate chain TP-self-signed-793647744
 certificate self-signed 01

I believe this has to do with self-generating certificates, but have never had any experience configuring a switch that uses them.


Re: Switch Certificates ??

You can follow the 12.4 Security Config Guide.

Make sure you configure the hostname and the ip domain-name. The key generation should happen when you configure the trustpoint.
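
A command sequence consistent with the reply above, given as an added example that is not part of the original thread or of Cisco's guide. The hostname SW1, the domain example.net and the trustpoint label TP-lab-selfsigned are placeholder assumptions.

```cisco
! Added example; SW1, example.net and TP-lab-selfsigned are placeholders.
configure terminal
 !
 ! The hostname and domain name form the device FQDN that is
 ! placed in the certificate and used to name the RSA key pair.
 hostname SW1
 ip domain-name example.net
 !
 ! Define the trustpoint. Naming a key pair that does not exist
 ! yet makes IOS generate it at enrollment time.
 crypto pki trustpoint TP-lab-selfsigned
  enrollment selfsigned
  subject-name cn=SW1.example.net
  revocation-check none
  rsakeypair TP-lab-selfsigned 2048
  exit
 !
 ! Create the self-signed certificate. IOS asks whether to include
 ! the serial number and an IP address in the subject name, then
 ! asks for confirmation before generating the certificate.
 crypto pki enroll TP-lab-selfsigned
 end
!
! Verify: the trustpoint and its "certificate self-signed 01" chain
! should now appear in the running configuration.
show crypto pki trustpoints
show crypto pki certificates TP-lab-selfsigned
show running-config | section crypto
!
! Trustpoints named TP-self-signed-<number>, as in the question, are
! created automatically by IOS when the HTTPS server is enabled
! (ip http secure-server) and no trustpoint has been configured for it.
```

A self-signed certificate cannot be validated by clients against a CA, so management stations have to pin or explicitly trust it; save the configuration after enrollment so the certificate persists across reloads.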
