[Fix] Cisco C9300 HTTPS SSL_ERROR_INTERNAL_ERROR_ALERT
I often come across an issue where I try to access a Web GUI of a switch or wireless controller using HTTPS and get the following error. This can happen in various scenarios, for example, after changing the RSA keys.
In this blog post, we will go through a quick configuration change that should fix the issue.
Solution
Remove the trustpoint named TP-Self-Signed-xxxxx
, disable HTTP/HTTPS access and re-enable them.
switch-01#show run | incl crypto
crypto pki trustpoint SLA-TrustPoint
crypto pki trustpoint TP-self-signed-135178142
crypto pki certificate chain SLA-TrustPoint
crypto pki certificate chain TP-self-signed-135178142
crypto pki certificate pool
switch-01(config)#no crypto pki trustpoint TP-self-signed-135178142
% Removing an enrolled trustpoint will destroy all certificates
received from the related Certificate Authority.
Are you sure you want to do this? [yes/no]: yes
% Be sure to ask the CA administrator to revoke your certificates.
switch-01#show run | incl crypto
crypto pki trustpoint SLA-TrustPoint
crypto pki certificate chain SLA-TrustPoint
crypto pki certificate pool
switch-01(config)#no ip http server
switch-01(config)#no ip http secure-server
switch-01(config)#ip http server
switch-01(config)#ip http secure-server
switch-01#show run | incl crypto
crypto pki trustpoint SLA-TrustPoint
crypto pki trustpoint TP-self-signed-135178142
crypto pki certificate chain SLA-TrustPoint
crypto pki certificate chain TP-self-signed-135178142
crypto pki certificate pool
switch-01#wr
Building configuration...
[OK]
switch-01#
Closing Thoughts
Removing the old Self-signed certificate and re-enabling HTTPS on the switch generates a new certificate that will be used for subsequent HTTPS communications.