I got aroud the issue with HTTPs in the DDNS client by manually creating a trustpoit and importing the certificate of the signing cert used on the HTTPs/Apache service on my domain provider (PairNIC)'s web service
Here is a simple guide of how to integrate your Cisco IOS router platform with your PairNIC-managed domain name.
This is a useful if you are buying commodity broadband connectivity from a hetergenous selection of regional service providers that use DHCP on a bridged ethernet WAN (Verizon FIOS, Comcast broadband, Consolidated Communications metro ethernet)
As you can see below, PairNIC makes-available a REST-style HTTP WebServices URL that you can pass simple GET-style calls to with the HTTP client in Cisco IOS routers.
NOTE: The password field below is not your PairNIC password, but instead, a dynamic key that is generated when you turn on Custom DNS for your domain and enable dynamic updates
NOTE: PairNIC domains are supported. Pair.com-managed-domains are not supported.
This works out, because you likely want to have a separate domain name for WAN DDNS updates
NOTE: You do not need to have an A-record in place already, despite the ambiguously named '/update' method-call below, it will actually create records on-demand.
NOTE: I'm not sure if there is an erase/delete/destroy/remove function call -- Waiting to hear back from Pair
NOTE: At this point, we see the HTTP CURL/WGET client in Cisco IOS doing what it _should_ do -- however, it will fail because the SSL Library in IOS (OpenSSL) doesnt ship with a proper set of trusted root CA Certificates
To fix(*) this, we simply import and explicitly-trust the certificate that signed the SSL cert used on PairNIC's cert for 'dynamic.pairnic.com'
(*) Its more of a cheap hack. Cisco can fix by shipping a CA Cert Chain with OCSP/CRL enabled by default.
br00# conf t
br00(conf)# no crypto pki trustpoint CA-AddTrust-UserTrust
DocumentationCode download linksGoalRequirementLimitationsSupported ISR
and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity
options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in
HA DocumentationCode download linksGoalRequirementLimitationsSupported
ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and
UCS-E Blades:Step by Step ConfigurationCo...
Question I am currently unable to specify "crypto keyring" command when
configuring VPN connection on my cisco 2901 router. The following
licenses have been activated on my router :