SSLVPN Certificate will not import

Unanswered Question
Jun 14th, 2007

I have a Cisco 2800 ISR. We have sslvpn setup. Trying to get a valid ca certificate and router certificate installed. Using MS CA on windows 2000.

I get this error when I try to import they certificates.


Certificate import has failed. The error returned is:

Certificate is not valid, or has expired, or

the time on your router is invalid.


Time has been verified.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
dmitri_vilesov Thu, 07/12/2007 - 23:48

Try enrollcertificate using CLI (not SDM). I've got the same problem.

1. enable

2. configure terminal

3. crypto pki trustpoint my_trustpoint

4. enrollment terminal

5. subject CN = your_common_name

6. exit

7. crypto pki authenticate my_trustpoint

8. crypto pki enroll my_trustpoint

9. crypto pki import my_trustpoint certificate

10. exit

11. show crypto pki certificates

dmitri_vilesov Thu, 07/12/2007 - 23:52

and one more thing - you need to generate certificate using "web server" template

jaffer_sathik2010 Fri, 07/13/2007 - 02:17


Otherthan the above mentioned points,please make sure that the device timing settings are synchronized with the CA server timings.

While downloading the certificate form the CA server, the router will do a check on the time value available on the certificate to ensure that it is not expired. If it is expited then it would not install the certificate.



This Discussion