How to generate an RSA Key for HTTPS connection?

Discussion in 'Cisco' started by NextiraOne - D. Grob, Jan 31, 2008.

  1. Hey guys

    If I want to connect to a Switch over HTTPS, the Switch automatically
    generates an RSA 768 bit key - even if I generated a 1024 key before!

    What do I have to do so that the Switch uses the 1024-bit key instead of
    generating its own 768 bit key?

    Thanks for helping.

    Cheers,
    Dominik


    Followed procedure from CCO:

    CCO-Article
    http://www.cisco.com/en/US/partner/..._feature_guide09186a00800d9eee.html#wp1025027


    Switch(config)#crypto key generate rsa usage-keys modulus 1024
    The name for the keys will be: Switch.test.com

    % The key modulus size is 1024 bits
    % Generating 1024 bit RSA keys ...[OK]
    % Generating 1024 bit RSA keys ...[OK]

    Switch(config)#
    03:50:04: %SSH-5-ENABLED: SSH 1.99 has been enabled
    Switch(config)#
    Switch(config)#ip http secure-server
    Failed to generate persistent self-signed certificate.
    Secure server will use temporary self-signed certificate.

    Switch(config)#
    Switch(config)#
    Switch#sh
    03:50:22: %SYS-5-CONFIG_I: Configured from console by nxo on consolecr
    Switch#
    Switch#sh crypto key mypubkey rsa
    % Key pair was generated at: 03:50:01 UTC Mar 1 1993
    Key name: Switch.test.com
    Usage: Signature Key
    Key is not exportable.
    Key Data:
    30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00E5937E
    90A2B50B B827B916 0DE9C146 D7D72E40 1806604D FAE4BC02 F371F951 3218CE75
    EA73EB55 5FBAF0F3 60BAC813 47C43BBD 0DC7A377 29C757B0 8C5C9B49 3618D13F
    A6D1533D 728ECFC3 27B457B0 E244F2AC 81384DDA 850FE7F1 F682FF83 243702E5
    09DBB0D7 D38B0D33 75C645DD 3E20BE86 3F938392 A00647FC 5A6A9D39 2D020301
    0001
    % Key pair was generated at: 03:50:04 UTC Mar 1 1993
    Key name: Switch.test.com
    Usage: Encryption Key
    Key is not exportable.
    Key Data:
    30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 009AD1E2
    54857208 156AA43E 212F7842 987B6FB7 72E6A704 2BC1C3A8 0BFD3922 FFAF4DB4
    409705EB 38F50E35 E575C269 54BE2CE6 081FAC9A F52EA2FC A01A2655 9716D721
    59693269 5D4DE692 A0B834AF 0D511DFE 7369A6E0 9F7D9861 26BF49AF 083D26D7
    5EDC0368 75BD5A2C 1D50EDA6 5DC2B34C 999F843C 3DA0014C C57C16EC EB020301
    0001
    % Key pair was generated at: 03:50:05 UTC Mar 1 1993
    Key name: Switch.test.com.server
    Usage: Encryption Key
    Key is not exportable.
    Key Data:
    307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00C650BF 2BE71B80
    986A9D19 84F2DEF4 14694873 0B20A279 708CA79B A2EF9BE5 16BC588E CAEB0E07
    A72866CA E47278CE A5800195 7267E05D A369E2C0 D2F8670E 0AE0A6AC 60CC8E6F
    69DC0D71 17D61D37 F087D482 81B318D4 6D55BC91 A3729AAA 17020301 0001
    Switch#

    »» Connection to Switch over IE - https://10.1.1.11/

    Switch#
    03:51:25: %CRYPTO-6-AUTOGEN: Generated new 768 bit key pair
    03:51:27: %CRYPTO-6-AUTOGEN: Generated new 768 bit key pair
    Switch#
     
    NextiraOne - D. Grob, Jan 31, 2008
    #1
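Added example, not part of the original thread: a way to audit the key sizes in `sh crypto key mypubkey rsa` output by decoding each record's DER SubjectPublicKeyInfo and measuring the RSA modulus. The function names and the `minimum` threshold are assumptions of this example; the sample is the `Switch.test.com.server` record from the console output in the first post, trimmed to the lines the parser needs.

```python
import re

# Constructed input: the auto-generated key record from the post's console output, trimmed.
SAMPLE = """\
Key name: Switch.test.com.server
Usage: Encryption Key
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00C650BF 2BE71B80
986A9D19 84F2DEF4 14694873 0B20A279 708CA79B A2EF9BE5 16BC588E CAEB0E07
A72866CA E47278CE A5800195 7267E05D A369E2C0 D2F8670E 0AE0A6AC 60CC8E6F
69DC0D71 17D61D37 F087D482 81B318D4 6D55BC91 A3729AAA 17020301 0001
"""
HEX_LINE = re.compile(r"[0-9A-Fa-f]+(?:\s+[0-9A-Fa-f]+)*$")

def read_tlv(buf, pos, want):
    """Read one DER element of type `want` at pos; return (value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if tag != want or pos + length > len(buf):
        raise ValueError("unexpected or truncated DER element")
    return pos, pos + length

def modulus_bits(der):
    """Bit length of the RSA modulus in a DER SubjectPublicKeyInfo."""
    spki, _ = read_tlv(der, 0, 0x30)          # outer SEQUENCE
    _, alg_end = read_tlv(der, spki, 0x30)    # AlgorithmIdentifier, skipped
    bitstr, _ = read_tlv(der, alg_end, 0x03)  # BIT STRING wrapping RSAPublicKey
    rsa, _ = read_tlv(der, bitstr + 1, 0x30)  # +1 skips the unused-bits byte
    start, end = read_tlv(der, rsa, 0x02)     # first INTEGER is the modulus
    return int.from_bytes(der[start:end], "big").bit_length()

def audit(output, minimum=1024):
    """Return (key name, usage, modulus bits, below_minimum) per key record."""
    rows = []
    for block in output.split("Key name:")[1:]:
        lines = [l.strip() for l in block.splitlines()]
        if "Key Data:" not in lines:
            continue
        usage = next((l[6:].strip() for l in lines if l.startswith("Usage:")), "")
        hexdata = ""
        for l in lines[lines.index("Key Data:") + 1:]:
            if not HEX_LINE.match(l):       # prompt, log line or next record
                break
            hexdata += "".join(l.split())
        bits = modulus_bits(bytes.fromhex(hexdata))
        rows.append((lines[0], usage, bits, bits < minimum))
    return rows
```

Calling `audit(SAMPLE)` reports the `.server` key as 768 bits and below the default minimum; pasting the full command output checks every key pair on the device in one pass.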

  2. NextiraOne - D. Grob

    Merv Guest

    Does executing a "write memory" command after generating the key make any
    difference?
     
    Merv, Jan 31, 2008
    #2

  3. NextiraOne - D. Grob

    D. Grob Guest

    good idea, but it didn't help. Still the same behavior.
     
    D. Grob, Feb 1, 2008
    #3
  4. NextiraOne - D. Grob

    notaccie Guest

    What version of IOS are you using? Search cisco.com for persistent
    self-signed certs. Better to use a cert from a trusted CA, always.
     
    notaccie, Feb 1, 2008
    #4
  5. On 01.02.2008 13:20, notaccie wrote:
    Why?
     
    Tilman Schmidt, Feb 17, 2008
    #5