Tyson, works perfect, thanks! Cheers Simon
Am 19.01.2010 um 21:11 schrieb Tyson Scott: > Simon, > > Specify the key before applying it > > > crypto key generate rsa modulus 2048 > > crypto pki trustpoint IOS_CA_R2 > rsakeypair R5.ipexpert.com 2048 > > Regards, > > Tyson Scott - CCIE #13513 R&S, Security, and SP > Technical Instructor - IPexpert, Inc. > Mailto: [email protected] > Telephone: +1.810.326.1444, ext. 208 > Live Assistance, Please visit: www.ipexpert.com/chat > eFax: +1.810.454.0130 > > IPexpert is a premier provider of Classroom and Self-Study Cisco CCNA (R&S, > Voice & Security), CCNP, CCVP, CCSP and CCIE (R&S, Voice, Security & Service > Provider) Certification Training with locations throughout the United States, > Europe and Australia. Be sure to check out our online communities at > www.ipexpert.com/communities and our public website at www.ipexpert.com > > From: [email protected] > [mailto:[email protected]] On Behalf Of Simon Baumann > Sent: Tuesday, January 19, 2010 2:20 PM > To: [email protected] > Subject: [OSL | CCIE_Security] Improving RSA key strength (Cisco IOS CA > Server). > > > Hi, > I've entrolled R5 to R2 to obtain an certificate for an L2L VPN setup: > > R5(config)# > Jan 19 18:38:01.291: %PKI-6-CERTRENEWAUTO: Renewing the router certificate > for trustpoint IOS_CA_R2 > R5(config)#% > % Start certificate enrollment .. > > % The subject name in the certificate will include: cn=R5.ipexpert.com, > ou=CCIE, c=PL > % The subject name in the certificate will include: R5.ipexpert.com > % Certificate request sent to Certificate Authority > % The 'show crypto pki certificate verbose IOS_CA_R2' commandwill show the > fingerprint. > > Jan 19 18:38:16.212: %PKI-6-CERTRENEWAUTO: Renewing the router certificate > for trustpoint IOS_CA_R2 > R5(config)# > Jan 19 18:38:17.324: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair > R5(config)# > Jan 19 18:38:17.544: CRYPTO_PKI: Certificate Request Fingerprint MD5: > 56C3F241 107599D5 01540AF4 6C176D94 > Jan 19 18:38:17.544: CRYPTO_PKI: Certificate Request Fingerprint SHA1: > 44C0E625 6F1B68D8 96FE37A7 7EF2B4D3 C62EF26C > R5(config)# > > I wonder what's the easiest way to improve the key strenth above 512 bit. TIA. > > Cheers > Simon >
_______________________________________________ For more information regarding industry leading CCIE Lab training, please visit www.ipexpert.com
