How to generate an RSA Key for HTTPS connection?

Hey guys

If I want to connect to a Switch over https, the switch automatically generates an RSA 768 bit key - even if I generated a 1024 key before!

What do I have to do so that the Switch uses the 1024bit-Key instead of generating its own 768 bit key??

Thanks for helping.

Cheers, Dominik

Followed procedure from CCO:

CCO-Article


Switch(config)#crypto key generate rsa usage-keys modulus 1024
The name for the keys will be: Switch.test.com

% The key modulus size is 1024 bits
% Generating 1024 bit RSA keys ...[OK]
% Generating 1024 bit RSA keys ...[OK]

Switch(config)#
03:50:04: %SSH-5-ENABLED: SSH 1.99 has been enabled
Switch(config)#
Switch(config)#ip http secure-server
Failed to generate persistent self-signed certificate.
Secure server will use temporary self-signed certificate.

Switch(config)#
Switch(config)#
Switch#sh
03:50:22: %SYS-5-CONFIG_I: Configured from console by nxo on consolecr
Switch#
Switch#sh crypto key mypubkey rsa
% Key pair was generated at: 03:50:01 UTC Mar 1 1993
Key name: Switch.test.com
Usage: Signature Key
Key is not exportable.
Key Data:
30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00E5937E
90A2B50B B827B916 0DE9C146 D7D72E40 1806604D FAE4BC02 F371F951 3218CE75
EA73EB55 5FBAF0F3 60BAC813 47C43BBD 0DC7A377 29C757B0 8C5C9B49 3618D13F
A6D1533D 728ECFC3 27B457B0 E244F2AC 81384DDA 850FE7F1 F682FF83 243702E5
09DBB0D7 D38B0D33 75C645DD 3E20BE86 3F938392 A00647FC 5A6A9D39 2D020301 0001
% Key pair was generated at: 03:50:04 UTC Mar 1 1993
Key name: Switch.test.com
Usage: Encryption Key
Key is not exportable.
Key Data:
30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 009AD1E2
54857208 156AA43E 212F7842 987B6FB7 72E6A704 2BC1C3A8 0BFD3922 FFAF4DB4
409705EB 38F50E35 E575C269 54BE2CE6 081FAC9A F52EA2FC A01A2655 9716D721
59693269 5D4DE692 A0B834AF 0D511DFE 7369A6E0 9F7D9861 26BF49AF 083D26D7
5EDC0368 75BD5A2C 1D50EDA6 5DC2B34C 999F843C 3DA0014C C57C16EC EB020301 0001
% Key pair was generated at: 03:50:05 UTC Mar 1 1993
Key name: Switch.test.com.server
Usage: Encryption Key
Key is not exportable.
Key Data:
307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00C650BF 2BE71B80
986A9D19 84F2DEF4 14694873 0B20A279 708CA79B A2EF9BE5 16BC588E CAEB0E07
A72866CA E47278CE A5800195 7267E05D A369E2C0 D2F8670E 0AE0A6AC 60CC8E6F
69DC0D71 17D61D37 F087D482 81B318D4 6D55BC91 A3729AAA 17020301 0001
Switch#

»» Connection to Switch over IE - https://10.1.1.11/

Switch#
03:51:25: %CRYPTO-6-AUTOGEN: Generated new 768 bit key pair
03:51:27: %CRYPTO-6-AUTOGEN: Generated new 768 bit key pair
Switch#

Reply to
NextiraOne - D. Grob
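
Added example, not part of the original post: the Key Data printed by "sh crypto key mypubkey rsa" above is a hex dump of a DER-encoded SubjectPublicKeyInfo, so the modulus size of each key pair can be read straight from the pasted output. The function names (read_tlv, rsa_modulus_bits, weak_keys) are assumptions made for this sketch, and the 1024-bit threshold is simply the size the poster asked for.

```python
RSA_OID = bytes.fromhex("2A864886F70D010101")  # rsaEncryption, 1.2.840.113549.1.1.1

# Key Data copied from the post's output (signature key and ".server" key).
KEYS = {
    "Switch.test.com": """30819F30 0D06092A 864886F7 0D010101 05000381 8D003081 89028181 00E5937E
        90A2B50B B827B916 0DE9C146 D7D72E40 1806604D FAE4BC02 F371F951 3218CE75
        EA73EB55 5FBAF0F3 60BAC813 47C43BBD 0DC7A377 29C757B0 8C5C9B49 3618D13F
        A6D1533D 728ECFC3 27B457B0 E244F2AC 81384DDA 850FE7F1 F682FF83 243702E5
        09DBB0D7 D38B0D33 75C645DD 3E20BE86 3F938392 A00647FC 5A6A9D39 2D020301 0001""",
    "Switch.test.com.server": """307C300D 06092A86 4886F70D 01010105 00036B00 30680261 00C650BF 2BE71B80
        986A9D19 84F2DEF4 14694873 0B20A279 708CA79B A2EF9BE5 16BC588E CAEB0E07
        A72866CA E47278CE A5800195 7267E05D A369E2C0 D2F8670E 0AE0A6AC 60CC8E6F
        69DC0D71 17D61D37 F087D482 81B318D4 6D55BC91 A3729AAA 17020301 0001""",
}


def read_tlv(buf, pos, tag):
    """Return (value_start, value_end) of the DER element of type `tag` at `pos`."""
    if buf[pos] != tag:
        raise ValueError(f"expected tag {tag:#x} at offset {pos}, got {buf[pos]:#x}")
    length, start = buf[pos + 1], pos + 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, start = int.from_bytes(buf[start:start + n], "big"), start + n
    if start + length > len(buf):
        raise ValueError("truncated DER element")
    return start, start + length


def rsa_modulus_bits(key_data_hex):
    """Bit length of the RSA modulus in a hex-dumped SubjectPublicKeyInfo."""
    der = bytes.fromhex("".join(key_data_hex.split()))
    spki, _ = read_tlv(der, 0, 0x30)            # SubjectPublicKeyInfo SEQUENCE
    alg_s, alg_e = read_tlv(der, spki, 0x30)    # AlgorithmIdentifier SEQUENCE
    oid_s, oid_e = read_tlv(der, alg_s, 0x06)   # algorithm OID
    if der[oid_s:oid_e] != RSA_OID:
        raise ValueError("not an RSA public key")
    bits_s, _ = read_tlv(der, alg_e, 0x03)      # BIT STRING wrapping RSAPublicKey
    rsa_s, _ = read_tlv(der, bits_s + 1, 0x30)  # +1 skips the unused-bits byte
    mod_s, mod_e = read_tlv(der, rsa_s, 0x02)   # first INTEGER is the modulus
    return int.from_bytes(der[mod_s:mod_e], "big").bit_length()


def weak_keys(keys, minimum_bits=1024):
    """Map key name -> modulus size for every key below minimum_bits."""
    sizes = {name: rsa_modulus_bits(data) for name, data in keys.items()}
    return {name: bits for name, bits in sizes.items() if bits < minimum_bits}
```

Run over the two keys above, weak_keys(KEYS) reports only Switch.test.com.server, at 768 bits, matching the size in the %CRYPTO-6-AUTOGEN messages.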

Does executing a "write memory" command after generating the key make any difference?

Reply to
Merv

good idea, but it didn't help. Still the same behavior.

"Merv" wrote in message news: snipped-for-privacy@e4g2000hsg.googlegroups.com...

Reply to
D. Grob

What version of IOS are you using? Search cisco.com for persistent self-signed certs. Better to use a cert from a trusted CA, always.

Reply to
notaccie

On 01.02.2008 13:20, notaccie wrote:

Why?

Reply to
Tilman Schmidt
