I often come across an issue where I try to access a Web GUI of a switch or wireless controller using HTTPS and get the following error. This can happen in various scenarios, for example, after changing the RSA keys.
In this blog post, we will go through a quick configuration change that should fix the issue.
Solution
Remove the trustpoint named TP-Self-Signed-xxxxx, disable HTTP/HTTPS access and re-enable them.
switch-01#show run | incl crypto
crypto pki trustpoint SLA-TrustPoint
crypto pki trustpoint TP-self-signed-135178142
crypto pki certificate chain SLA-TrustPoint
crypto pki certificate chain TP-self-signed-135178142
crypto pki certificate pool
switch-01(config)#no crypto pki trustpoint TP-self-signed-135178142
% Removing an enrolled trustpoint will destroy all certificates
received from the related Certificate Authority.
Are you sure you want to do this? [yes/no]: yes
% Be sure to ask the CA administrator to revoke your certificates.
switch-01#show run | incl crypto
crypto pki trustpoint SLA-TrustPoint
crypto pki certificate chain SLA-TrustPoint
crypto pki certificate pool
switch-01(config)#no ip http server
switch-01(config)#no ip http secure-server
switch-01(config)#ip http server
switch-01(config)#ip http secure-server
switch-01#show run | incl crypto
crypto pki trustpoint SLA-TrustPoint
crypto pki trustpoint TP-self-signed-135178142
crypto pki certificate chain SLA-TrustPoint
crypto pki certificate chain TP-self-signed-135178142
crypto pki certificate pool
switch-01#wr
Building configuration...
[OK]
switch-01#
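As an added example (not code from the original post), a small Python helper that derives the command sequence above from `show run | incl crypto` output and only ever removes the auto-generated TP-self-signed trustpoint, never a CA-enrolled one such as SLA-TrustPoint, which the IOS warning says would destroy CA-issued certificates. The sample output is the one shown in the post; the function names are my own.

```python
import re
from typing import List

# Constructed from the 'show run | incl crypto' output in the post: the
# auto-generated self-signed trustpoint sits next to SLA-TrustPoint,
# which must NOT be removed.
SHOW_RUN_BEFORE = """crypto pki trustpoint SLA-TrustPoint
crypto pki trustpoint TP-self-signed-135178142
crypto pki certificate chain SLA-TrustPoint
crypto pki certificate chain TP-self-signed-135178142
crypto pki certificate pool
"""

ANY_TP = re.compile(r"^crypto pki trustpoint (\S+)\s*$", re.M)
SELF_SIGNED_TP = re.compile(r"^crypto pki trustpoint (TP-self-signed-\d+)\s*$", re.M | re.I)


def self_signed_trustpoints(show_run: str) -> List[str]:
    """Names of the IOS auto-generated self-signed trustpoints."""
    return SELF_SIGNED_TP.findall(show_run)


def other_trustpoints(show_run: str) -> List[str]:
    """Every trustpoint that is NOT self-signed (CA-enrolled, e.g. SLA-TrustPoint).
    Removing one of these destroys CA-issued certificates, as IOS warns."""
    self_signed = set(self_signed_trustpoints(show_run))
    return [tp for tp in ANY_TP.findall(show_run) if tp not in self_signed]


def regeneration_commands(show_run: str) -> List[str]:
    """Config-mode sequence from the post: drop only the self-signed trustpoint
    (answering the 'Are you sure?' prompt with yes), then bounce HTTP/HTTPS so
    a fresh certificate is generated. Save with 'wr' afterwards as in the post."""
    cmds: List[str] = []
    for tp in self_signed_trustpoints(show_run):
        cmds += [f"no crypto pki trustpoint {tp}", "yes"]
    cmds += ["no ip http server", "no ip http secure-server",
             "ip http server", "ip http secure-server"]
    return cmds


def regeneration_ok(before: str, after: str) -> bool:
    """Post-check on the second 'show run': a self-signed trustpoint exists
    again and the set of CA-enrolled trustpoints is unchanged."""
    return (bool(self_signed_trustpoints(after))
            and other_trustpoints(before) == other_trustpoints(after))
```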
Closing Thoughts
Removing the old self-signed trustpoint and re-enabling HTTPS on the switch generates a new self-signed certificate, which is then used for all subsequent HTTPS connections to the Web GUI.