Today at work our Tunnel went down , due to cert expire. Can someone tell me how to create and enroll new Cert?
Hi Naeem,
How did you get the certificate on the router the first time? You can use an automatic enrollment method or manual.
Rene
I believe it was generated on the router itself, I wasn’t responsible for the router when it was setup. The Tunnel broke due to it expiring , Hence I am trying to learn how do you generate a new cert and enroll your spokes
Hi Naeem,
What CA do you use? When you manually generate a certificate on the router, you can create the CSR from the router or do everything on a CA server (like openSSL).
For example, here’s how I do the CSR on an ASA with an OpenSSL CA:
Or we can create the certificate for the end device on the CA itself. Take a look at this link:
And then look for the “create a certificate” section.
Rene