cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
814
Views
0
Helpful
3
Replies

SSLVPN Certificate will not import

nathanchoate
Level 1
Level 1

I have a Cisco 2800 ISR. We have sslvpn setup. Trying to get a valid ca certificate and router certificate installed. Using MS CA on windows 2000.

I get this error when I try to import they certificates.

=========================================

Certificate import has failed. The error returned is:

Certificate is not valid, or has expired, or

the time on your router is invalid.

=========================================

Time has been verified.

3 Replies 3

dmitri_vilesov
Level 1
Level 1

Try enrollcertificate using CLI (not SDM). I've got the same problem.

1. enable

2. configure terminal

3. crypto pki trustpoint my_trustpoint

4. enrollment terminal

5. subject CN = your_common_name

6. exit

7. crypto pki authenticate my_trustpoint

8. crypto pki enroll my_trustpoint

9. crypto pki import my_trustpoint certificate

10. exit

11. show crypto pki certificates

and one more thing - you need to generate certificate using "web server" template

Hi,

Otherthan the above mentioned points,please make sure that the device timing settings are synchronized with the CA server timings.

While downloading the certificate form the CA server, the router will do a check on the time value available on the certificate to ensure that it is not expired. If it is expited then it would not install the certificate.

--Jaffer

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: