
Automatic generation of self-signed certificates on IOS

Hopefully this is a simple question that has an equally simple answer. Is there an easy way to prevent IOS from generating self-signed keypairs and certificates whenever HTTPS-related services are enabled?


1 ACCEPTED SOLUTION

Accepted Solutions
Hall of Fame Super Silver

Re: Automatic generation of self-signed certificates on IOS

Jody

What you are asking about seems logical. If you have installed a public certificate then you might not want the router reverting to a self-signed certificate. But I do not know of any way to prevent the router from generating a self-signed certificate. I have taken a look at the online help for services and there does not seem to be anything there that would do what you want.

HTH

Rick

4 REPLIES
Hall of Fame Super Gold

Re: Automatic generation of self-signed certificates on IOS

No.

HTTPS and SSLVPN require certificates, so either you disable these services, or the router will have to generate certificates.

Automatic generation of self-signed certificates on IOS

I understand that the services require certificates, but am more interested in making sure that the certificates used are valid ones rather than self-signed ones.

I'm running into circumstances where the router is not using the defined trustpoints on reboot. I don't want self-signed certificates presented and would rather have the service simply not work until I can look into the problem.

I'm thinking that there has to be a service that can be turned off that will prevent the router from generating its own keys/certificates and leave it for me to do manually.

Hall of Fame Super Gold

Automatic generation of self-signed certificates on IOS

What service are you specifically referring to? One should look into the method to bind a service to a trustpoint, that should be possible.
