SSL Cert snafu - I've managed to push my router CA out to my MS Exchange server
Here's the thing. I was resetting a certificate on the company router (crypto key gen rsa). I think I started wrong and used the wrong command set.
crypto pki trustpoint xxx
So - long story short, I now have a new certificate root authority showing on the SSL certificate on my Exchange clients. It looks like my Exchange server has used my router as a Certificate Authority.
Has anyone heard of this happening or know how to mitigate it in future?
Here's some relevant prints:
MyRouter#sh crypto pki trustpoints
Trustpoint HTTPS_SS_CERT_KEYPAIR:
    Subject Name:
    serialNumber=FCZ123456BR+hostname=MyRouter.MyDomain.com
    cn=MyRouter.MyDomain.com
          Serial Number (hex): 01
    Application generated trust point
MyRouter#show crypto key mypubkey rsa
% Key pair was generated at: 07:17:02 Apr 20 2012
Key name: HTTPS_SS_CERT_KEYPAIR
Storage Device: private-config
Usage: General Purpose Key
Key is not exportable.
Key Data: HEX HEX HEX
I don't know what this cert is.
On my Exchange SSL certificate, it now says MyRouter.MyDomain.com in the certification path instead of the certificate authority that would be needed to verify it.
I've managed to redo the certificate (otherwise I'd be out of a job right now) but I wanted to know what's gone wrong?