[c-nsp] 3750 https bad certificate?
Jeff Fitzwater
jfitz at Princeton.EDU
Wed Sep 16 13:47:57 EDT 2009
Well it looks like the key storage, which is in NVRAM by default (from
what I have read) was not there or corrupted. So doing a "crypto key
storage nvram" fixed it.
No sure why but it works now.
Jeff
On Sep 16, 2009, at 12:44 PM, Peter Rathlev wrote:
> Hi Jeff,
>
> On Wed, 2009-09-16 at 11:48 -0400, Jeff Fitzwater wrote:
>> I have a 3750 running 12.2.44
>>
>> I have one or two units that I cannot https into because the
>> certificate cannot be trusted.
>>
>> Everything seems to point to the keys on the switch and even after
>> generating new keys it still fails https.
>>
>> I can ssh in to CLI, just can't https.
>>
>> I have zeroized keys and disabled ip http secure-server and reenabled
>> it, but still no luck.
>
> I assume that the certificates you generate on the switch are self
> signed, and that would of course give a warning since the browser
> doesn't trust the issuer, which is the switch itself.
>
>> I did not reset the switch yet.
>>
>> Does anybody have any ideas on this.
>
> You either have to explicitely trust the self signed certificate or
> get
> a certificate from a trusted CA.
>
> Or am I misunderstanding you question?
>
> Regards,
> Peter
>
>
More information about the cisco-nsp
mailing list