Routers not receiving certificates from IOS CA

Unanswered Question
Oct 2nd, 2007

Hi,

I have configured an IOS CA to issue certificates to all three routers configured in a hub and spoke topology, I have configured an IPSEC VPN to use RSA for authentication, but it seems that the routers are not receiving the certificates. I have tried to recreate the configuration, but it still does not work. When I do show crypto PKI server XX infor requests on the CA router, I get the following messages

Enrollment Request Database:

Subordinate CA certificate requests:

ReqID State Fingerprint SubjectName

--------------------------------------------------------------

RA certificate requests:

ReqID State Fingerprint SubjectName

--------------------------------------------------------------

Router certificates requests:

ReqID State Fingerprint SubjectName

--------------------------------------------------------------

6 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

5 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

4 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

3 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

2 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

1 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

What could be possible reasons for a state of pending.

Thanks

MZ

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
ebreniz Mon, 10/08/2007 - 13:35

The Enrollment Request Database only include certificate requests that have not completed or timed out. Certificates

that have been successfully issued can be found in the certificate database (by default configured to nvram although you

may have specified an external location). It is hard to continue without seeing the configs for the devices in question.

Actions

This Discussion