10-02-2007 07:38 PM - edited 03-05-2019 06:50 PM
Hi,
I have configured an IOS CA to issue certificates to all three routers configured in a hub and spoke topology, I have configured an IPSEC VPN to use RSA for authentication, but it seems that the routers are not receiving the certificates. I have tried to recreate the configuration, but it still does not work. When I do show crypto PKI server XX infor requests on the CA router, I get the following messages
Enrollment Request Database:
Subordinate CA certificate requests:
ReqID State Fingerprint SubjectName
--------------------------------------------------------------
RA certificate requests:
ReqID State Fingerprint SubjectName
--------------------------------------------------------------
Router certificates requests:
ReqID State Fingerprint SubjectName
--------------------------------------------------------------
6 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX
5 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX
4 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX
3 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX
2 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX
1 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX
What could be possible reasons for a state of pending.
Thanks
MZ
10-08-2007 01:35 PM
The Enrollment Request Database only include certificate requests that have not completed or timed out. Certificates
that have been successfully issued can be found in the certificate database (by default configured to nvram although you
may have specified an external location). It is hard to continue without seeing the configs for the devices in question.
10-10-2007 03:02 AM
Hi,
One possible problem can be that the you have to grant the certificate manually (crypto pki server
Hope it helps, rate if does
Krisztian
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide