Cisco Support Community

SSL Cert snafu - I've managed to push my router CA out to my MS Exchange server

Hi all,

Here's the thing. I was resetting a certificate on the company router (crypto key gen rsa). I think I started wrong and used the wrong command set.

crypto pki trustpoint xxx

etc

etc

So - long story short, I now have a new certificate root authority showing on the SSL certificate on my Exchange clients. It looks like my Exchange server has used my router as a Certificate Authority.

Has anyone heard of this happening or know how to mitigate it in future?

Here's some relevant prints:

MyRouter#sh crypto pki trustpoints


Trustpoint HTTPS_SS_CERT_KEYPAIR:
    Subject Name:
    serialNumber=FCZ123456BR+hostname=MyRouter.MyDomain.com
    cn=MyRouter.MyDomain.com
          Serial Number (hex): 01
    Application generated trust point

MyRouter#show crypto key mypubkey rsa

% Key pair was generated at: 07:17:02 Apr 20 2012

Key name: HTTPS_SS_CERT_KEYPAIR

Storage Device: private-config

Usage: General Purpose Key

Key is not exportable.

Key Data: HEX HEX HEX

I don't know what this cert is.

On my Exchange SSL certificate, it now says MyRouter.MyDomain.com in the certification path instead of the certificate authority that would be needed to verify it.

I've managed to redo the certificate (otherwise I'd be out of a job right now) but I wanted to know what's gone wrong?

Any help much appreciated.

Thanks.
