How to create a persistent cert for SSL usage

Discussion in 'Cisco' started by Gushi, Mar 3, 2008.

  1. Gushi

    Gushi Guest

    Hello all,

    I've spent the better part of my day bashing my head against my 2960
    switch. Due to an office policy, I need to install a "real" cert on
    this thing, signed by our central CA, for https access. Our CA runs
    MS Cert Services. Because of our firewalling policies, all I can do
    is PEM. None of the easy auto stuff.

    The problem is:

    1) Any cert that I try to generate has the wrong information.
    Basically, I cannot make a "web server" cert because the common name
    is hosed.

    The router asks me what information I want in the SUBJECT -- and even
    though I say "yes, use the hostname" it generates with a null CN field
    (according to MS cert services).

    2) Why, oh why, do I have to create a trust point -- shouldn't it be
    as simple as saying "yeah, that key you created when I turned on
    crypto? Let me sign that -- I'm not looking to have the router trust
    every connecting user, nor am I using this for persistent VPNs...just
    simple "don't throw the pass in the clear when I https into it".

    3) I decided "okay, this syntax is hosed, let's generate keys and
    certs elsewhere". Except that any key I install has to be protected
    by a passphrase. Which completely screws things on a reboot, no?

    4) Is it me or is there NO way to just delete a certificate without
    blowing away the whole trustpoint? I've tried "no certificate
    xxxxxxxxx", and gotten "certificate not found".

    Has anyone made an easy howto for "here's how you make an SSL cert
    that validates against your CA, with your hostname as the CN?"

    -Dan Mahoney
    Gushi, Mar 3, 2008