[cisco-voip] IOS crypto pki certificate pool

[James Andrewartha]

No and no: they’re H.323 ISDN gateways for CUCM (also SRST), no CAPF is configured anywhere, or encrypted voice in general.

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877

From: <bmeade90 at gmail.com> on behalf of Brian Meade <bmeade90 at vt.edu>
Date: Tuesday, 1 May 2018 at 9:31 pm
To: James Andrewartha <jandrewartha at ccgs.wa.edu.au>
Cc: cisco-voip voip list <cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] IOS crypto pki certificate pool

Is it running CME with CAPF configured?

On Mon, Apr 30, 2018 at 11:44 PM, James Andrewartha <jandrewartha at ccgs.wa.edu.au<mailto:jandrewartha at ccgs.wa.edu.au>> wrote:
Hi voipers,

Has anyone seen an issue where a router will fail to load its config
after a reboot because of "crypto pki certificate pool" configuration
that is somehow automatically downloaded? It is annoyingly repeatable
for me, I have to connect via serial console because all the IP config
is after the certificates. The routers are 2921 running
C2900-UNIVERSALK9-M, 15.3(3)M4, RELEASE SOFTWARE (fc2). After restoring
the config, the certificates are redownloaded after a week or so.

The first new lines (from the rancid diff) are:

  crypto pki certificate pool
+  certificate ca 01
+   30820335 3082021D A0030201 02020101 300D0609 2A864886 F70D0101 0B050030
+   3C310B30 09060355 04061302 55533116 30140603 55040A13 0D436973 636F2053

Thanks,

--
James Andrewartha
Network & Projects Engineer
Christ Church Grammar School
Claremont, Western Australia
Ph. (08) 9442 1757
Mob. 0424 160 877
_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20180501/36d5a215/attachment.html>