Cisco Support Community
Community Member

how to regenerate a certificate for 2821

Hello Cisco,

I have a cisco 2821 running Version 12.4(6)T3,

I issued a write erase and cleared off the following two certificate;

crypto pki trustpoint

crypto pki certificate

Can someome please tell me what steps I need to take to restore both

Certificate if possible.

Any help would be greatly appreciated.

thx charlie

Router#sh ver

Cisco IOS Software, 2800 Software (C2800NM-ADVIPSERVICESK9-M), Version 12.4(6)T3, RELEASE SOFTWARE (fc2)

Technical Support:

Copyright (c) 1986-2006 by Cisco Systems, Inc.

Compiled Fri 21-Jul-06 16:16 by kellythw

ROM: System Bootstrap, Version 12.4(1r) [hqluong 1r], RELEASE SOFTWARE (fc1)

Router uptime is 55 minutes

System returned to ROM by reload at 19:23:16 UTC Thu Sep 14 2006

System image file is "flash:c2800nm-advipservicesk9-mz.124-6.T3.bin"

This product contains cryptographic features and is subject to United

States and local country laws governing import, export, transfer and

use. Delivery of Cisco cryptographic products does not imply

third-party authority to import, export, distribute or use encryption.

Importers, exporters, distributors and users are responsible for

compliance with U.S. and local country laws. By using this product you

agree to comply with applicable laws and regulations. If you are unable

to comply with U.S. and local laws, return this product immediately.

A summary of U.S. laws governing Cisco cryptographic products may be found at:

If you require further assistance please contact us by sending email to

Cisco 2821 (revision 53.51) with 512000K/12288K bytes of memory.

Processor board ID FTX1034A4E9

2 Gigabit Ethernet interfaces

1 Serial interface

1 Virtual Private Network (VPN) Module

DRAM configuration is 64 bits wide with parity enabled.

239K bytes of non-volatile configuration memory.

250880K bytes of ATA CompactFlash (Read/Write)

Configuration register is 0x2102

Router#dir flash

%Error opening flash:/flash (File not found)

Router#dir flash:

Directory of flash:/

1 -rw- 36226996 Aug 25 2006 04:43:52 +00:00 c2800nm-advipservicesk9-mz.124-6.T3.bin

2 -rw- 1826 Aug 25 2006 04:59:24 +00:00 sdmconfig-28xx.cfg

3 -rw- 4734464 Aug 25 2006 05:00:08 +00:00 sdm.tar

4 -rw- 833024 Aug 25 2006 05:00:42 +00:00 es.tar

5 -rw- 1052160 Aug 25 2006 05:01:18 +00:00 common.tar

6 -rw- 1038 Aug 25 2006 05:01:50 +00:00 home.shtml

7 -rw- 102400 Aug 25 2006 05:02:20 +00:00 home.tar

8 -rw- 491213 Aug 25 2006 05:02:50 +00:00 128MB.sdf

9 -rw- 1684577 Aug 25 2006 05:03:34 +00:00 securedesktop-ios-

10 -rw- 398305 Aug 25 2006 05:04:12 +00:00 sslclient-win-

256507904 bytes total (210964480 bytes free)


Router#cd nvram:


Directory of nvram:/

238 -rw- 771 <no date> startup-config

239 ---- 24 <no date> private-config

240 -rw- 771 <no date> underlying-config

1 -rw- 0 <no date> ifIndex-table

2 -rw- 595 <no date> IOS-Self-Sig#3201.cer

245752 bytes total (242857 bytes free)



Re: how to regenerate a certificate for 2821

To enable key rollover with manual certificate enrollment, use the regenerate command in ca-trustpoint configuration mode.Do not regenerate the keys manually; key rollover will occur when the crypto ca enroll command is issued.Refer the following URL

CreatePlease to create content