Hello All,
Do rsa keys need to be re-generated if the ip domain-name on a cisco device is changed to a differente ip domain-name ? For example. Changing the name from "ip domain-name example.com " to “ip domain-name newdomain.org” Would the rsa keys created under the old domain name still apply to the new name ? Or would a new set of rsy keys need to be generated for ssh access to the device ? Any advice is appreciated.
-Adam
Hello Adam
When an RSA key is generated, it uses the currently configured domain name on the device to generate it. Once it’s generated, the RSA key is stored as is. If you change a router parameter such as the hostname or domain name, the old certificate is still valid until the RSA key is re-generated. Although it is not a requirement, it’s a good idea to have the key regenerated at some point with the current parameters if you do change them, just to keep a consistency across the configuration.
I hope this has been helpful!
Laz