Well it looks like the key storage, which is in NVRAM by default (from what I have read) was not there or corrupted. So doing a "crypto key storage nvram" fixed it.

No sure why but it works now.


Jeff


On Sep 16, 2009, at 12:44 PM, Peter Rathlev wrote:

Hi Jeff,

On Wed, 2009-09-16 at 11:48 -0400, Jeff Fitzwater wrote:
I have a 3750 running 12.2.44

I have one or two units that I cannot https into because the
certificate cannot be trusted.

Everything seems to point to the keys on the switch and even after
generating new keys it still fails https.

I can ssh in to CLI, just can't https.

I have zeroized keys and disabled ip http secure-server and reenabled
it, but still no luck.

I assume that the certificates you generate on the switch are self
signed, and that would of course give a warning since the browser
doesn't trust the issuer, which is the switch itself.

I did not reset the switch yet.

Does anybody have any ideas on this.

You either have to explicitely trust the self signed certificate or get
a certificate from a trusted CA.

Or am I misunderstanding you question?

Regards,
Peter



_______________________________________________
cisco-nsp mailing list  [email protected]
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

Reply via email to