January 27th, 2013 11:00

6624 secure management

I have a PCT6224 (FW 3.3.5.5) and I have used the following to set up ssh and https, and they both work fine now. The instructions for ssh don't say anything about needing the dsa key, but if it isn't generated, you can't start the ssh server.

console# configure
console(config)#crypto key generate rsa
console(config)#crypto key generate dsa
console(config)#crypto
console(config)#ip ssh server

console(config)#ip https authentication local
console(config)#crypto certificate 1 generate
console(config-crypto-cert)#country US
console(config-crypto-cert)#email support@mydomain.com
console(config-crypto-cert)#location "My City"
console(config-crypto-cert)#organization-name "My Company"
console(config-crypto-cert)#organization-unit IT
console(config-crypto-cert)#state KS
console(config-crypto-cert)#key-generate
console(config-crypto-cert)#exit
console(config)#ip https server

I noticed that for the certificate, I didn't put a duration in and it defaulted to 365 days.  I tried to do it again with a duration of 3650 days but got this error:

---------------

console(config-crypto-cert)#key-generate

Self-signed Certificate and RSA key-pair Exists.
If you want to overwrite Existing keys, Enter 'y'.
If you want to keep existing keys as it is, Enter 'n'.
[y:n] y

Invalid Key! Key Length Should be in the range <512- 2048>.
---------------

After that, you have to force close your connection because each letter you type ends up on one line like this, and no, I am not hitting the return key:

---------------

console(config-crypto-cert)#e

console(config-crypto-cert)#x

console(config-crypto-cert)#i

console(config-crypto-cert)#t

--------------

I also tried to do it again just like the first time, without a duration and got the same error about the Invalid Key range.  So, a few questions:

  1. How do I delete any keys or certificates that I have created?
  2. How can I just recreate the certificates since it gives the error? Recreating the keys didn't give a problem.
  3. Once I get this straightened out, I want the following and am NOT sure of the commands to do it.
    1. Allow access only from the following
      1. HTTPS and SSH access from VLAN 20 (my local lan)
      2. Telnet on the console connection
      3. HTTPS and SSH From 1 external IP to the IP I gave to VLAN 2
    2. Shut down all other management access ports.

console#show switch

    Management Standby   Preconfig     Plugged-in    Switch        Code  
SW  Status     Status    Model ID      Model ID      Status        Version
--- ---------- --------- ------------- ------------- ------------- -----------
1   Mgmt Sw              PCT6224       PCT6224       OK            3.3.5.5    

Thank You in advance

June 9th, 2018 21:00

Daniel,

I am having the same problem described in this thread. In fact, I already posted a new thread with the exact same problem. I have copied and pasted the post (dated 6/9/2018):

 
06-09-2018 09:02 PM
Dell Powerconnect 6248P Security certificate issue for HTTPS

I have 2 stacked DELL Powerconnect 6248P switches. I am unable to get HTTPS working. Specifically I am unable to generate a certificate during the setup process. I am using firmware 3.3.14.2.  I proceed with setting up the HTTPS server thusly:

console#config
console(config)#username xxxxxxx(ie admin) password yyyyyyyy level 15
console(config)#ip http authentication local
console(config)#ip https authentication local
console(config)#crypto certificate 1 generate
console(config-crypto-cert)#key-generate

However at this point I am presented with the following (even after clearing config and setting to factory defaults in boot menu):

Self-signed Certificate and RSA key-pair Exists.
If you want to overwrite Existing keys, Enter 'y'.
If you want to keep existing keys as it is, Enter 'n'.
[y:n]

Invalid Key! Key Length Should be in the range <512- 2048>.

console(config-crypto-cert)#e  <- after typing one character it's like I pressed the return key; I cannot issue further commands.

console(config-crypto-cert)#x

console(config-crypto-cert)#i

console(config-crypto-cert)#t

As you can see from the above I cannot input anything in the CLI anymore as every character I type results in an EOL and it moves to the next line. I have to either wait for the system to log out, or hard reset.

I have tried the following as well with no success:

console(config-crypto-cert)#key-generate 1024  (this returns a blank line and does not alter or create a new certificate)

console(config)#crypto certificate generate key_generate

 

Is there any way to clear the current certificate information? Any ideas? No matter what I have tried, Firefox returns the same error:

Secure Connection Failed

An error occurred during a connection to 192.168.0.254. You have received an invalid certificate. Please contact the server administrator or email correspondent and give them the following information: Your certificate contains the same serial number as another certificate issued by the certificate authority. Please get a new certificate containing a unique serial number. Error code: SEC_ERROR_REUSED_ISSUER_AND_SERIAL

I have already tried:

console(config)#ip https certificate 1

I would be grateful for any help. The fact that the CLI no longer works after the "key-generate" statement really has me perplexed.

I have tried to use certificate 2 with the same results. Hard reset and then tried certificate 1 again: same problems. I have tried to re-install the RSA keys as well. Any suggestions? I looked at the white papers you referenced, but to no avail.
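
The Firefox error quoted above (SEC_ERROR_REUSED_ISSUER_AND_SERIAL) is raised when the browser meets two different certificates that carry the same issuer name and serial number. As an added example, not part of the original posts and not PowerConnect commands, this shell script reproduces that condition with the openssl CLI and checks for it; the subject values, serials and file names are constructed, and it assumes openssl is installed.

```shell
#!/bin/sh
# Added example: detect the condition behind SEC_ERROR_REUSED_ISSUER_AND_SERIAL.
# Assumption: the openssl CLI is available. All certificates are constructed samples.

# Print "issuer|serial" for a PEM certificate.
issuer_serial() {
    issuer=$(openssl x509 -in "$1" -noout -issuer) || return 2
    serial=$(openssl x509 -in "$1" -noout -serial) || return 2
    printf '%s|%s\n' "$issuer" "$serial"
}

# Print the SHA-256 fingerprint of a PEM certificate.
fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256
}

# Return 0 when two *different* certificates share issuer and serial,
# the combination the browser rejects; return 1 otherwise.
reused_issuer_and_serial() {
    [ "$(fingerprint "$1")" != "$(fingerprint "$2")" ] &&
    [ "$(issuer_serial "$1")" = "$(issuer_serial "$2")" ]
}

# Constructed sample: a self-signed certificate with a hypothetical subject
# and a caller-chosen serial. usage: make_cert OUTFILE SERIAL
make_cert() {
    openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1.key" \
        -subj "/C=US/ST=KS/O=My Company/OU=IT/CN=switch.example" \
        -days 365 -set_serial "$2" -out "$1" 2>/dev/null
}

demo() {
    dir=$(mktemp -d) || return 2
    make_cert "$dir/old.pem" 1      # certificate the browser saw first
    make_cert "$dir/regen.pem" 1    # regenerated: new key, same issuer and serial
    make_cert "$dir/fresh.pem" 2    # regenerated with a different serial
    for c in regen fresh; do
        if reused_issuer_and_serial "$dir/old.pem" "$dir/$c.pem"; then
            echo "$c.pem: collides with old.pem (same issuer and serial)"
        else
            echo "$c.pem: ok"
        fi
    done
    rm -rf "$dir"
}
demo
```

Pointing `reused_issuer_and_serial` at the certificate saved from a device before and after regeneration shows whether the serial number actually changed.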
