Cisco Support Community
Community Member

Can't deploy configuration containing SSH certificate

Hello,

I'm currently testing the "deploy" feature of LMS 3.1.

I choose to deploy the configuration to the startup config, and then I reload the destination device myself.

The whole configuration is effectively deployed to the destination device, except the hex data of the self-signed certificate. I've checked and LMS/config editor does not seem to have that info backed up at all.

Here's what the real config looks like:

---
[...]
crypto pki trustpoint TP-self-signed-2703748608
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2703748608
 revocation-check none
 rsakeypair TP-self-signed-2703748608
!
crypto pki certificate chain TP-self-signed-2703748608
 certificate self-signed 01
  3082024D 308201B6 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  31312F30 2D060355 04031326 494F532D [... bunch of hex data...]
  quit
!
!
!
spanning-tree mode rapid-pvst
[...]
---

and here's what is archived by LMS (and deployed to the destination device):

---
[...]
crypto pki trustpoint TP-self-signed-2703748608
 enrollment selfsigned
 subject-name cn=IOS-Self-Signed-Certificate-2703748608
 revocation-check none
 rsakeypair TP-self-signed-2703748608
!
crypto pki certificate chain TP-self-signed-2703748608
 certificate self-signed 01
!
!
!
spanning-tree mode rapid-pvst
[...]
---

Since the "quit" command is missing, the config fails to load because the hex data input mode can only be left with the quit keyword (end doesn't work there).

Question: is this normal behavior for LMS (akin to the password hash obfuscation thingy it does in config editor), or simply a bug?

Please tell me if this should be submitted as a bug report to the TAC.

Thank you,

Alex.

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: Can't deploy configuration containing SSH certificate

Yes, this is normal behavior, and it is a bug. The bug is CSCta13429, and it is fixed with a patch available from TAC.
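
A pre-deployment check for the failure described in the question, as an added example (not code from Cisco, LMS, or either poster): it scans an archived config for `certificate` entries under `crypto pki certificate chain` that have no hex body or no closing `quit`. The function name and both sample configs are constructed for illustration, and the hex rows are placeholders, not a real certificate.

```python
import re

HEX_LINE = re.compile(r"^[0-9A-Fa-f]+( [0-9A-Fa-f]+)*$")  # one row of certificate hex
CHAIN = re.compile(r"^crypto pki certificate chain (\S+)$")
CERT = re.compile(r"^certificate \S")

def find_truncated_certificates(config_text):
    """Return (line_no, trustpoint, problem) for every certificate entry whose
    hex body or closing 'quit' is missing from the config text."""
    # Keep original line numbers but ignore blank lines and indentation.
    rows = [(n, l.strip()) for n, l in enumerate(config_text.splitlines(), 1) if l.strip()]
    findings, trustpoint, i = [], None, 0
    while i < len(rows):
        line_no, line = rows[i]
        chain = CHAIN.match(line)
        if chain:
            trustpoint = chain.group(1)
        elif trustpoint and CERT.match(line):
            j = i + 1
            while j < len(rows) and HEX_LINE.match(rows[j][1]):
                j += 1  # consume the hex rows that follow the certificate line
            terminated = j < len(rows) and rows[j][1] == "quit"
            problems = ["no hex data"] * (j == i + 1) + ["no closing quit"] * (not terminated)
            if problems:
                findings.append((line_no, trustpoint, ", ".join(problems)))
            i = j + 1 if terminated else j
            continue
        else:
            trustpoint = None  # any other command ends the certificate chain block
        i += 1
    return findings

# Constructed sample mirroring the archived config in the post (hex and quit absent).
ARCHIVED = """\
crypto pki certificate chain TP-self-signed-2703748608
 certificate self-signed 01
!
spanning-tree mode rapid-pvst
"""

# Constructed sample of an intact block; the hex is a placeholder, not a real certificate.
INTACT = """\
crypto pki certificate chain TP-self-signed-2703748608
 certificate self-signed 01
  0A0B0C0D 01020304
  05060708
  quit
!
"""
```

Running this over each archived config before a deploy job flags the devices whose archive would leave the destination stuck in hex data input mode.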
