Cisco Support Community
Community Member

Certificates disappear after reload?

I do wonder if this is the right behaviour of the router. If I reload my Cisco 3620 IOS VPN Server, both the CA's and the router's own certificates are gone. I need to do the procedure (crypto ca authenticate ..., crypto ca enroll ...) to get the certificates. IOS version:

IOS (tm) 3600 Software (C3620-IK9O3S3-M), Version 12.2(13)T5, RELEASE SOFTWARE (fc1)

System image file is "flash:c3620-ik9o3s3-mz.122-13.T5.bin"

Any answer?

2 REPLIES
Bronze

Re: Certificates disappear after reload?

Be aware that the certificates and the revocation list, when used, can be a memory problem for the router. Normally certificates and CRLs are stored locally in the router's NVRAM, and each certificate and CRL uses a moderate amount of memory. But it can happen that the router lacks memory space and will not store the information in NVRAM. Hence, when rebooting the router, some certificates and some revocation lists could be lost. Please take a look at:

http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt4/scdinter.htm#xtocid391213

You can configure the router not to store CRLs and certificates on the router but rather to query the CA when required, thereby freeing the space in the NVRAM.

Community Member

Re: Certificates disappear after reload?

Thanks! I had the "crypto ca certificate query" command in my config; that was the reason. Now I see with "dir nvram:" that certificates are stored locally on the router.
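
A way to check a saved configuration for the cause identified in this thread, as an added example that is not part of the original posts: the script flags `crypto ca certificate query` and lists the certificates found in `crypto ca certificate chain` sections. The two sample configurations, the CA name `example-ca` and the function name `audit` are constructed for illustration, and the input is assumed to be the text of a saved configuration.

```python
import re

# Constructed sample: query mode enabled, no certificates kept in the config.
QUERY_MODE_CFG = """\
crypto ca identity example-ca
 enrollment url http://ca.example.test
crypto ca certificate query
!
"""

# Constructed sample: query mode absent, certificates saved with the config.
STORED_CFG = """\
crypto ca identity example-ca
 enrollment url http://ca.example.test
crypto ca certificate chain example-ca
 certificate 0A1B
  308201AA 30820113
  quit
 certificate ca 01
  308201BB 30820124
  quit
!
"""

CHAIN_RE = re.compile(r"^crypto ca certificate chain (\S+)\s*$")
CERT_RE = re.compile(r"^\s+certificate\s+(?:(\S+)\s+)?([0-9A-Fa-f]+)\s*$")

def audit(config_text):
    """Report query mode and the certificates stored per CA in a saved config."""
    query_mode, stored, current = False, {}, None
    for line in config_text.splitlines():
        if line.strip() == "crypto ca certificate query":
            query_mode = True  # certificates are fetched from the CA, not stored
        chain = CHAIN_RE.match(line)
        if chain:
            current = chain.group(1)
            stored.setdefault(current, [])
        elif current is not None:
            cert = CERT_RE.match(line)
            if cert:  # "certificate <serial>" or "certificate ca <serial>"
                stored[current].append((cert.group(1) or "router", cert.group(2)))
            elif not line.startswith(" "):
                current = None  # unindented line ends the chain section
    count = sum(len(certs) for certs in stored.values())
    # Persisted only if certificates are in the config and query mode is off.
    return {"query_mode": query_mode, "stored": stored,
            "persisted": count > 0 and not query_mode}
```
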
