Cisco router CA server

Published by Matt Clemons on

Easy way to create a CA server for testing purposes.

hostname CA

crypto key generate rsa label PKI modulus 2048

ip http server

crypto pki server PKI 
  database url flash:
  database level complete
  issuer-name cn=rootca.test.local
  hash sha256
  database archive pkcs12 password Cisco123
  grant auto
  no shut

crypto pki export PKI pem url flash:
yes

tftp-server flash:PKI.ca

crypto pki export PKI pem terminal !Get a text based version of the CA cert.

Config your Network interfaces.

Gen a CSR on whatever you need a cert for.

Then back on the router, use the CSR to gen a cert.

crypto pki server PKI request pkcs10 terminal

Paste in your CSR, and the router will output the cert in base64.

Categories: HardwareSecurity

0 Comments

Leave a Reply

Avatar placeholder

Your email address will not be published. Required fields are marked *

Related Posts

Security

Threathunting with Elasticsearch

All kinds of interesting information can be found using the Elasticsearch API. https://www.elastic.co/guide/en/elasticsearch/reference/current/search-search.html I find it easier than using Kibana, but Kibana was necessary to figure out the query language. Using the same queries, you Read more…

Linux

Cleared SAA-C02

I started with acloud.guru AWS Certified Solutions Architect Associate course. https://acloudguru.com/course/aws-certified-solutions-architect-associate-saa-c02 If you get the pro subscription, you get access to labs without having to create your own AWS accounts. I think it’s 50 bucks Read more…

Security

Bro 2.6 and FreeBSD

Using FreeBSD 12 RELEASE disc1https://download.freebsd.org/ftp/releases/amd64/amd64/ISO-IMAGES/12.0/ Once the system is up, install the packages below. # fetch ftp://ftp.freebsd.org/pub/FreeBSD/releases/amd64/12.0-RELEASE/src.txz# tar -C / -xzvf src.txz# portsnap fetch && portsnap extract# pkg update -f && pkg upgrade && pkg Read more…