Authenticating the CA

Jul 11th, 2007

I got this error:

Router1(config)#crypto ca authenticate SCIS-E36A410855

% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0

Any ideas?


Here's the config:

Router1#show run

hostname Router-Main


clock timezone GMT 8


ip domain name

ip host certserver


crypto ca trustpoint SCIS-E36A410855

enrollment retry count 3

enrollment retry period 5

enrollment mode ra

enrollment url

crl optional


interface FastEthernet0/0

ip address


interface FastEthernet0/1

ip address


router rip



jaffer_sathik2010 Fri, 07/13/2007 - 03:26


Please make sure of the following things:

1. Check whether the CA server module is up at the URL.

2. The machine with the IP is accessible from the router.

If the above things are perfect, then enable the command 'debug crypto pki transactions' on the router and try to authenticate the CA server. It will give you some sort of debugging message.

Post the debug message.
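Added example, not part of the original thread: the two checks in the reply above can be reproduced from a workstation on the router's side of the network by sending the same SCEP GetCACert request that `crypto ca authenticate` sends and classifying the reply. The endpoint `http://ca.example.test/scep` is a placeholder (the thread's enrollment URL is elided), the function names are hypothetical, and it assumes the trustpoint enrolls over SCEP.

```python
import urllib.error
import urllib.parse
import urllib.request

CA_ONLY = "application/x-x509-ca-cert"       # single DER-encoded CA certificate
CA_AND_RA = "application/x-x509-ca-ra-cert"  # PKCS#7 bundle: CA plus RA certificates

def getcacert_url(scep_url, ca_ident):
    """Build the SCEP GetCACert request for a full SCEP endpoint URL."""
    query = urllib.parse.urlencode({"operation": "GetCACert", "message": ca_ident})
    return scep_url + ("&" if "?" in scep_url else "?") + query

def classify(status, content_type, body):
    """Turn an HTTP reply to GetCACert into a troubleshooting verdict."""
    ctype = (content_type or "").split(";")[0].strip().lower()
    if status != 200:
        return "http-error: web server answered %d, SCEP module not serving" % status
    if not body:
        return "empty-body: nothing to install, matches 'cert length = 0'"
    if ctype not in (CA_ONLY, CA_AND_RA):
        return "wrong-type: got %r, likely an HTML page instead of SCEP" % ctype
    if body[0] != 0x30:  # DER certificates and PKCS#7 both start with SEQUENCE
        return "not-der: body is not DER encoded"
    if ctype == CA_AND_RA:
        return "ok-ca-ra: CA and RA certs returned, as 'enrollment mode ra' expects"
    return "ok-ca-only: single CA certificate returned"

def probe(scep_url, ca_ident, timeout=5):
    """Send the real request; run this from a host near the router."""
    try:
        url = getcacert_url(scep_url, ca_ident)
        with urllib.request.urlopen(url, timeout=timeout) as reply:
            return classify(reply.status, reply.headers.get("Content-Type"), reply.read())
    except urllib.error.HTTPError as err:  # must precede URLError (its parent class)
        return classify(err.code, err.headers.get("Content-Type"), b"")
    except (urllib.error.URLError, OSError) as err:
        return "unreachable: %s" % err

if __name__ == "__main__":
    # Constructed replies (not captured from the poster's network).
    samples = [
        (200, CA_AND_RA, b"\x30\x82\x01\x00"),
        (200, "text/html; charset=utf-8", b"<html>login</html>"),
        (404, "text/html", b""),
    ]
    for sample in samples:
        print(classify(*sample))
```

An `unreachable` or `http-error` verdict points at the two checks listed above; any other failure is worth comparing against the `debug crypto pki transactions` output.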


network27 Mon, 07/16/2007 - 01:49

Hi Jaffar,

Thank you for your reply. I've managed to bypass the CA server stage and am now facing another problem; it's got to do with configuring an IOS Router Site-to-Site VPN Using Digital Certificates.

Could someone please give me a hand?

Here is my network topology:




I got this error message when I enabled debug:

R1# Jul 15 22:07:10.651: %CRYPTO-4-RECVD_PKT_NOT_IPSEC: Rec'd packet not an IPSEC packet. (ip) vrf/dest_addr= /, src_addr=, prot= 17

I could ping from R1 to R3 without crypto map and ACL.

Attached are my show run and debug configs for the 2 routers.

Thanks in advance,


