Solved: Re: Concentrator SSL Certificate Expirtation

rick13175 · ‎12-26-2006

I'm getting the following message alert from my 3000 Concentrator: SSL certificate will expire in 26 daysIssuer. It appears that this certificate (public/private) as well as an identity certificate are being issued by one of our 2003 servers (not 3rd party). I'm tempted to press the renew buttons on each of these certificates; however, being new to this arena, I'm leary about what might (or might not ) happen. My research tells me that this may result in the certificate being rejected. Can someone give me an overview of what these certificates are doing and what I need to do to get myself back into comfortable breathing status again? Thanks.

aghaznavi · ‎01-01-2007

What the concentrator is trying to tell you the SSL certificate install on the concentrator will expire in 26 days unless a new SSL certificate is recreated.

To recreate a new SSL certificate go to:

Administration | Certificate Management | SSL Certificates

On the interface that show the SSL certificate with a Expiration Date of mm/dd/yyyy, click

on the generate under the action field. Accept the default setting and client on the generate button.

Try this link for more info:

http://www.cisco.com/warp/public/471/installdigital.html

View solution in original post

aghaznavi · ‎01-01-2007

What the concentrator is trying to tell you the SSL certificate install on the concentrator will expire in 26 days unless a new SSL certificate is recreated.

To recreate a new SSL certificate go to:

Administration | Certificate Management | SSL Certificates

On the interface that show the SSL certificate with a Expiration Date of mm/dd/yyyy, click

on the generate under the action field. Accept the default setting and client on the generate button.

Try this link for more info:

http://www.cisco.com/warp/public/471/installdigital.html

rick13175 · ‎01-02-2007

Thanks very much. I will give it a try. I was thinking it was a fairly simple matter to correct but wanted some expert advice before I preceeded.

Richard Burts · ‎01-04-2007

Clicking on generate is the right answer for self signed certificates. Since you indicate that there is an Identity Certificate and certificates for public and private that were issued by a server in your network I wonder if renew would not be a better choice.

Since the posting was 2 days ago I wonder if you have done something with the certificates and if so did the generate approach work?

HTH

Rick

HTH

Rick

rick13175 · ‎01-05-2007

generating the ssl certificates seemed to work; however, I accepted the defaults and instead of the certificates being issued by my local ca server, it thinks its being issued by cisco systems. I don't know if this is going to work or for how long. I tried renewing them and it bombed miserably. I don't even know what these certificates do but from what I've read, it has something to do with the https management interface. My identity certificate doesn't have a 'generate' option only renew or delete. I have tried renewing and it bombs as well. It shows up in enrollment status however when I click to install and use cut and paste, I get the following message: Error installing identity certificate: Bad file format. Not having had to deal with certificates until now, I find this whole thing confusing and frustrating. I'm finding Cisco documentation to be worthless as it might as well be trying to tell me how to shave a peanut. I thought I read somewhere that you need to delete the certificate first before trying to renew, but I am extremly reluctant to do so. Any comments would be most appreciated.

jwalker · ‎01-05-2007

Try this..

Go to Administration-->Certificate Management-->Renewal

1. select re-enrollment radio button

2. use PKCS10 as enrollment method

3. input password (if required by the CA)

4. click renew

Pls rate if this helps.