Cisco Support Community

New Member

IOS VPN - deleted crypto pki certificate???

Man o man I'm getting burnt out over all this.

I wiped out my VPN config to start from scratch.

When I entered:

no crypto pki certificate chain TP-self-signed-3884018817

It asked:

Are you sure (y/n) Y - but I wasn't sure.

It replied with

"be sure to ask your CA administrator to revoke your certificates"

I hope I can still generate an RSA key pair.

3 REPLIES
New Member

Re: IOS VPN - deleted crypto pki certificate???

No worries, you can always create new RSA keys. It depends on what you are trying to use them for.

Were you using them for ISAKMP authentication or for SSH connection?

Thanks,

Remi

New Member

Re: IOS VPN - deleted crypto pki certificate???

I'm trying to set up my VPN. SDM created a bunch of entries that I wanted to delete.

Now I can't seem to generate the chain with all the codes.

This is scary

New Member

Re: IOS VPN - deleted crypto pki certificate???

How about going to the CLI and deleting the RSA keys first with "crypto key zeroize rsa" from global configuration mode?

Also try the following commands in exec privileged mode:

"show crypto key mypubkey rsa"

"show crypto key pubkey-chain rsa"

You should see no entries after deleting the RSA keys with the above command.

It looks like you were trying to generate self-signed certificates for IPSec VPN authentication, am I right?

I don't do much work with SDM though, because you don't have much control over what commands SDM is going to deliver to the router config. Try using the CLI more; you will also understand more.

If you want you can attach your config file so I could take a look.

Hope it helps.

Remi
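The clean-up and regeneration discussed in this thread, written out as one IOS session (an added example, not posted by anyone in the thread). The key label VPN-KEY, the trustpoint name VPN-SELF and the subject name are hypothetical. `crypto key zeroize rsa` with no label removes every RSA key pair on the router, including the one SSH uses, so run it from the console or have another way in.

```cisco
! Added example: names VPN-KEY, VPN-SELF and router.example.com are hypothetical.
!
! 1. Privileged exec: take stock of what exists before deleting anything.
show crypto key mypubkey rsa
show crypto pki trustpoints
show crypto pki certificates
!
! 2. Global configuration: remove the old key pairs.
configure terminal
 ! With no label this deletes ALL RSA key pairs, including the SSH host key.
 ! Certificates issued for those keys become unusable.
 crypto key zeroize rsa
 !
 ! 3. Generate a new, labelled key pair so it can be managed on its own later.
 crypto key generate rsa general-keys label VPN-KEY modulus 2048
 !
 ! 4. Create a self-signed trustpoint bound to that key pair.
 crypto pki trustpoint VPN-SELF
  enrollment selfsigned
  subject-name CN=router.example.com
  rsakeypair VPN-KEY
  revocation-check none
  exit
 !
 ! 5. Issue the self-signed certificate (answer the prompts interactively).
 crypto pki enroll VPN-SELF
 end
!
! 6. Verify: the new key and certificate should be the only entries listed.
show crypto key mypubkey rsa
show crypto pki certificates VPN-SELF
```

If SSH stops accepting connections after step 2, it is because its key pair was deleted too; generating a new RSA key pair restores it.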
