We have a new DynDNS Community site!
Check out www.dyndnscommunity.com

Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 44 posts ] 

Board index : Update Clients : Router Update Clients

Go to page Previous  1, 2, 3, 4, 5
Author Message
 Post subject: Re: [howto] configure your cisco to perform updates over https
PostPosted: Mon Mar 01, 2010 12:41 pm 
Offline

Joined: Mon Dec 28, 2009 12:13 pm
Posts: 5
@ to all

it works again :mrgreen:

You guys needs to remove the current certificate and add new one because the current certificate expired.


Back to top
 Profile  
 
 Post subject: Re: [howto] configure your cisco to perform updates over https
PostPosted: Wed Dec 29, 2010 10:51 pm 
Offline

Joined: Wed Dec 29, 2010 10:33 pm
Posts: 1
Peoples..
This does work on 15 code..

Specifically Version 15.0(1)XA4

Note some of the differences in my configuration below

!
crypto pki trustpoint DynDNS
enrollment terminal pem
revocation-check none
!
crypto pki certificate chain DynDNS
certificate ca 35DEF4CF
30820320 30820289 A0030201 02020435 DEF4CF30 0D06092A 864886F7 0D010105
0500304E 310B3009 06035504 06130255 53311030 0E060355 040A1307 45717569
66617831 2D302B06 0355040B 13244571 75696661 78205365 63757265 20436572
74696669 63617465 20417574 686F7269 7479301E 170D3938 30383232 31363431
35315A17 0D313830 38323231 36343135 315A304E 310B3009 06035504 06130255
53311030 0E060355 040A1307 45717569 66617831 2D302B06 0355040B 13244571
75696661 78205365 63757265 20436572 74696669 63617465 20417574 686F7269
74793081 9F300D06 092A8648 86F70D01 01010500 03818D00 30818902 818100C1
5DB15867 0862EEA0 9A2D1F08 6D911468 980A1EFE DA046F13 846221C3 D17CCE9F
05E0B801 F04E34EC E28A9504 64ACF16B 535F05B3 CB6780BF 42028EFE DD0109EC
E100144F FCFBF00C DD43BA5B 2BE11F80 70991557 9316F10F 976AB7C2 68231CCC
4D5930AC 511E3BAF 2BD6EE63 457BC5D9 5F50D2E3 500F3A88 E7BF14FD E0C7B902
03010001 A3820109 30820105 30700603 551D1F04 69306730 65A063A0 61A45F30
5D310B30 09060355 04061302 55533110 300E0603 55040A13 07457175 69666178
312D302B 06035504 0B132445 71756966 61782053 65637572 65204365 72746966
69636174 65204175 74686F72 69747931 0D300B06 03550403 13044352 4C31301A
0603551D 10041330 11810F32 30313830 38323231 36343135 315A300B 0603551D
0F040403 02010630 1F060355 1D230418 30168014 48E668F9 2BD2B295 D747D823
20104F33 98909FD4 301D0603 551D0E04 16041448 E668F92B D2B295D7 47D82320
104F3398 909FD430 0C060355 1D130405 30030101 FF301A06 092A8648 86F67D07
4100040D 300B1B05 56332E30 63030206 C0300D06 092A8648 86F70D01 01050500
03818100 58CE29EA FCF7DEB5 CE02B917 B585D1B9 E3E095CC 25310D00 A6926E7F
B692639E 5095D19A 6FE411DE 63856E98 EEA8FF5A C8D355B2 667157DE C021EB3D
2AA72349 01048642 7BFCEE7F A21652B5 6767D340 DB3B2658 B228773D AE147761
D6FA2A66 27A00DFA A7735CEA 70F19421 65445FFA FCEF2968 A9A28779 EF79EF4F AC077738
quit
!

ip ddns update method DynDNS
HTTP
add https://blarg:thata5t35bad@members.dynd ... &hostname=<h>&myip=<a>
interval maximum 3 3 3 3
interval minimum 1 1 1 1
!

You can also use a host list like such, which you'll see in the interface below

ip host-list DynDNS
host blarg.dnsdojo.com blarg.dynalias.net

!
interface FastEthernet X/X
ip ddns update hostname blarg.dnsdojo.com
ip ddns update DynDNS host-group DynDNS
!
!
- END -

Some debugs for the geek inclined below. Note in Bold & Blue the access list entry.

9654436: *Dec 29 19:28:41.710 PCTime: DYNDNSUPD: Adding DNS mapping for blarg.dnsdojo.com <=> 69.69.222.222 server 69.69.222.222
9654437: *Dec 29 19:28:41.710 PCTime: HTTPDNS: Update add called for blarg.dnsdojo.com <=> 69.69.222.222
9654438: *Dec 29 19:28:41.710 PCTime: HTTPDNSUPD: Session ID = 0x7
9654439: *Dec 29 19:28:41.710 PCTime: HTTPDNSUPD: URL = 'https://blarg:thata5t35bad@members.dyndns.org/nic/updatesystem=dyndns&hostname=blarg.dnsdojo.com&myip=69.69.222.222'
9654440: *Dec 29 19:28:41.710 PCTime: HTTPDNSUPD: Sending request
9654441: *Dec 29 19:28:42.686 PCTime: %SEC-6-IPACCESSLOGP: list 103 permitted tcp 204.13.248.112(443) (FastEthernetX/X 001d.70af.ece2) -> 69.69.222.222(21077), 1 packet
9654442: *Dec 29 19:28:43.042 PCTime: HTTPDNSUPD: Response for update blarg.dnsdojo.com <=> 69.69.222.222

9654443: *Dec 29 19:28:43.042 PCTime: HTTPDNSUPD: DATA START
404
9654444: *Dec 29 19:28:43.042 PCTime: HTTPDNSUPD: DATA END, Status is Response data recieved, successfully
9654445: *Dec 29 19:28:43.042 PCTime: HTTPDNSUPD: Call returned SUCCESS, update of blarg.dnsdojo.com <=> 69.69.222.222 succeeded
9654446: *Dec 29 19:28:43.042 PCTime: DYNDNSUPD: Another update completed (outstanding=0, total=0)
9654447: *Dec 29 19:28:43.042 PCTime: HTTPDNSUPD: Clearing all session 7 info


For those that aren't Cisco gurus I'd suggest that anyone using access-lists use named access lists where possible for your inbound IOS F/W ACL.

Snippet of the ACL:
permit tcp host 204.13.248.112 eq 443 any log-input

log-input will let you know if you are getting responses or hits.. If your configuration is working correctly the access-list will show something like this:

permit tcp host 204.13.248.112 eq 443 any log-input (8 matches)

The numbers in brackets show how many hits the access-list had, meaning they are "true".

L8r


Back to top
 Profile  
 
 Post subject: Re: [howto] configure your cisco to perform updates over htt
PostPosted: Thu Apr 04, 2013 2:59 pm 
Offline

Joined: Sat Nov 01, 2008 11:33 am
Posts: 30
As of 03/27/2013
Per Dyn Support, the new Dyn SSL root certificate is:

DigiCert Global Root CA

and can be found here. https://www.digicert.com/digicert-root-certificates.htm

regards...


Back to top
 Profile  
 
 Post subject: Re: [howto] configure your cisco to perform updates over htt
PostPosted: Sun Apr 07, 2013 11:04 am 
Offline

Joined: Sat Nov 01, 2008 11:33 am
Posts: 30
Disregard the certificate referenced in the previous post.

Instead refer to this link

http://www.dyncommunity.com/questions/32099/what-is-the-new-ssl-root-certificate-as-of-0327201.html
scarabaeus wrote:
As of 03/27/2013
Per Dyn Support, the new Dyn SSL root certificate is:

DigiCert Global Root CA

and can be found here. https://www.digicert.com/digicert-root-certificates.htm

regards...


Back to top
 Profile  
 
Display posts from previous:  Sort by  
Forum locked This topic is locked, you cannot edit posts or make further replies.  [ 44 posts ] 

Board index : Update Clients : Router Update Clients

Go to page Previous  1, 2, 3, 4, 5

Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
cron
All information © Dynamic Network Services, Inc. 2008