• Cisco Switches And TLS

    From Lawrence D’Oliveiro@ldo@nz.invalid to comp.misc on Wed Sep 10 01:13:10 2025
    From Newsgroup: comp.misc

    Discovered something interesting that doesn’t seem to be documented anywhere.

    Was trying to import an in-house CA cert (generated with OpenSSL) I had set up for a client and used elsewhere, into a Cisco switch for use in securing its web admin interface. It kept rejecting the cert with an unhelpful (and unspecific) “failure” message.

    Just for fun, I tried to import a CA cert from Let’s Encrypt. That went in fine.

    Trying to narrow down what was different between the two, I noticed that the Let’s Encrypt CA cert was valid for 20 years, whereas I had set the validity on my one to 100 years.

    On further experimentation, I got as far as discovering that the switch would accept a 70-year validity, but not 75 years. I think the actual limit might be the end of this century.

    Anyway, having found a setting that would work, I left it at 70 years. ;)
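A pre-import check for the failure described in the post, added here as an example (Go, standard library only) and not part of the original post: it parses a PEM CA certificate, reports its validity span, and flags a NotAfter past 2099-12-31, which is the poster's guess at the switch's cutoff and is treated as an assumption. SelfSignedCA fabricates throwaway test input and is not the poster's certificate.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"math/big"
	"time"
)

// CheckValidity returns the cert's validity span in years and whether NotAfter passes 2099-12-31 (the poster's suspected cutoff; an assumption).
func CheckValidity(pemBytes []byte) (years float64, pastCentury bool, err error) {
	block, _ := pem.Decode(pemBytes)
	if block == nil || block.Type != "CERTIFICATE" {
		return 0, false, errors.New("no CERTIFICATE block in input")
	}
	cert, err := x509.ParseCertificate(block.Bytes)
	if err != nil {
		return 0, false, err
	}
	years = cert.NotAfter.Sub(cert.NotBefore).Hours() / (24 * 365.25)
	endOfCentury := time.Date(2099, 12, 31, 23, 59, 59, 0, time.UTC)
	return years, cert.NotAfter.After(endOfCentury), nil
}

// SelfSignedCA builds a throwaway CA (constructed test input, not the poster's cert) starting on the post's date and valid for the given years.
func SelfSignedCA(years int) ([]byte, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	start := time.Date(2025, 9, 10, 0, 0, 0, 0, time.UTC)
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "inhouse-test-ca"},
		NotBefore:             start,
		NotAfter:              start.AddDate(years, 0, 0),
		IsCA:                  true,
		BasicConstraintsValid: true,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der}), nil
}
```

Run CheckValidity against your real CA PEM before importing it; the 70/75/100-year inputs from the post come out on either side of the 2099 boundary, matching what the switch accepted and rejected.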