06-14-2007 02:43 PM
I have a Cisco 2800 ISR. We have sslvpn setup. Trying to get a valid ca certificate and router certificate installed. Using MS CA on windows 2000.
I get this error when I try to import they certificates.
=========================================
Certificate import has failed. The error returned is:
Certificate is not valid, or has expired, or
the time on your router is invalid.
=========================================
Time has been verified.
07-12-2007 11:48 PM
Try enrollcertificate using CLI (not SDM). I've got the same problem.
1. enable
2. configure terminal
3. crypto pki trustpoint my_trustpoint
4. enrollment terminal
5. subject CN = your_common_name
6. exit
7. crypto pki authenticate my_trustpoint
8. crypto pki enroll my_trustpoint
9. crypto pki import my_trustpoint certificate
10. exit
11. show crypto pki certificates
07-12-2007 11:52 PM
and one more thing - you need to generate certificate using "web server" template
07-13-2007 02:17 AM
Hi,
Otherthan the above mentioned points,please make sure that the device timing settings are synchronized with the CA server timings.
While downloading the certificate form the CA server, the router will do a check on the time value available on the certificate to ensure that it is not expired. If it is expited then it would not install the certificate.
--Jaffer
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: