Well it looks like the key storage, which is in NVRAM by default (from
what I have read) was not there or corrupted. So doing a "crypto key
storage nvram" fixed it.
No sure why but it works now.
Jeff
On Sep 16, 2009, at 12:44 PM, Peter Rathlev wrote:
Hi Jeff,
On Wed, 2009-09-16 at 11:48 -0400, Jeff Fitzwater wrote:
I have a 3750 running 12.2.44
I have one or two units that I cannot https into because the
certificate cannot be trusted.
Everything seems to point to the keys on the switch and even after
generating new keys it still fails https.
I can ssh in to CLI, just can't https.
I have zeroized keys and disabled ip http secure-server and reenabled
it, but still no luck.
I assume that the certificates you generate on the switch are self
signed, and that would of course give a warning since the browser
doesn't trust the issuer, which is the switch itself.
I did not reset the switch yet.
Does anybody have any ideas on this.
You either have to explicitely trust the self signed certificate or
get
a certificate from a trusted CA.
Or am I misunderstanding you question?
Regards,
Peter
_______________________________________________
cisco-nsp mailing list [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/