Dan asked:

Cisco Switches SSL stops working

I have multiple Cisco switches, from 2960's to 3750's.  I have them all configured via SSH, and randomly, after a few weeks, I can't connect via SSH anymore into them.  I use PRTG to monitor them, and I noticed that when something happens to the certificate, that's when I can't log in anymore, so my monitoring system displays an error for the cert.  When configuring SSH, does the default cert expire after a certain amount of time or something?

Any ideas how to fix this?
SOLUTION
David Johnson, CD

This solution is only available to members.
Dan

ASKER

It was a self-signed cert, and I thought it was like years out.
Dan

ASKER

How can I check all my switches to see what the expiration date is?  As I will need to recreate all of them, the ones that expired or will soon.
Dan

ASKER

I tried to log into the console, but I'm getting this error.   So my only option is to reboot, but I can't do it now, I have to wait until tonight.

User generated image
That doesn't look good.  Do you have excessive logging enabled, or a debug all running?
Dan

ASKER

No, I don't think so.  Well, how can I check after I restart the device?
Dan

ASKER

Is there a show command to see all logging turned on?   I can do a no debug all, but besides that, if I have an individual log going, how do I find that?
Dan

ASKER

There's a lot of old certs from 1993, so they were created with the clock being off.  I need to delete them. Is there an easy way to delete them, as I configured NTP and created a new cert?
Dan

ASKER

Pete, so I ran your command and it shows the following.  So I even deleted the cert and created it today, the clock is set to NTP, but it still shows the following.  How do I fix this?

% Key pair was generated at: 17:02:27 pst Feb 28 1993
Dan

ASKER

Thanks everyone for your help, I replaced the physical switch, as even though I had installed a new IOS on it, it still did the same thing.
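
Added example, not part of the original thread: a Python check for the symptom discussed above, a key pair stamped 1993 because the switch clock was unset when it was generated. It assumes you have saved each switch's output containing the `% Key pair was generated at:` line (on IOS, `show crypto key mypubkey rsa` prints it); the switch names, the sample captures and the 2005 cutoff are constructed for illustration.

```python
import re
from datetime import datetime

# Matches the line format quoted in the thread, e.g.
# "% Key pair was generated at: 17:02:27 pst Feb 28 1993"
KEY_LINE = re.compile(
    r"% Key pair was generated at:\s+(\d{2}:\d{2}:\d{2})\s+(\S+)"
    r"\s+(\w{3})\s+(\d{1,2})\s+(\d{4})"
)

# Assumption: a key stamped before this date was generated while the switch
# clock was unset. Choose a date earlier than your oldest real deployment.
SANITY_FLOOR = datetime(2005, 1, 1)

def parse_generated_at(text):
    """Return one naive datetime per key pair line found in text.
    The timezone token is ignored; the comparison below is years wide."""
    stamps = []
    for hms, _tz, mon, day, year in KEY_LINE.findall(text):
        stamps.append(
            datetime.strptime(f"{hms} {mon} {day} {year}", "%H:%M:%S %b %d %Y")
        )
    return stamps

def audit(outputs, floor=SANITY_FLOOR):
    """outputs maps switch name -> captured text; returns name -> status."""
    report = {}
    for name, text in outputs.items():
        stamps = parse_generated_at(text)
        if not stamps:
            report[name] = "no key pair line found"
        elif any(ts < floor for ts in stamps):
            oldest = min(stamps).isoformat(sep=" ")
            report[name] = "clock was unset at key generation: " + oldest
        else:
            report[name] = "ok"
    return report

# Constructed sample captures (hypothetical switch names).
SAMPLES = {
    "sw-floor1": "% Key pair was generated at: 17:02:27 pst Feb 28 1993\n",
    "sw-floor2": "% Key pair was generated at: 09:14:51 pst Mar 3 2016\n",
    "sw-floor3": "",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLES).items():
        print(f"{name}: {status}")
```

A switch flagged here needs its clock confirmed against NTP before the key pair and self-signed certificate are regenerated; an empty or unparsed capture is reported separately so a failed collection is not mistaken for a healthy switch.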