
Routers not receiving certificates from IOS CA

mayambanzumba
Level 1

Hi,

I have configured an IOS CA to issue certificates to all three routers configured in a hub and spoke topology. I have configured an IPSEC VPN to use RSA for authentication, but it seems that the routers are not receiving the certificates. I have tried to recreate the configuration, but it still does not work. When I do show crypto pki server XX info requests on the CA router, I get the following messages:

Enrollment Request Database:

Subordinate CA certificate requests:
ReqID State Fingerprint SubjectName
--------------------------------------------------------------

RA certificate requests:
ReqID State Fingerprint SubjectName
--------------------------------------------------------------

Router certificates requests:
ReqID State Fingerprint SubjectName
--------------------------------------------------------------
6 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX
5 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX
4 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX
3 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX
2 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX
1 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

What could be possible reasons for a state of pending?

Thanks

MZ

2 Replies

ebreniz
Level 6

The Enrollment Request Database only includes certificate requests that have not completed or timed out. Certificates that have been successfully issued can be found in the certificate database (by default configured to nvram, although you may have specified an external location). It is hard to continue without seeing the configs for the devices in question.

Hi,

One possible problem can be that you have to grant the certificate manually (crypto pki server grant) if the CA is not configured to grant all requests automatically.

Hope it helps, rate if it does

Krisztian
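
The manual grant step mentioned in the reply above, sketched as an added example that is not part of the original thread. XX is the thread's placeholder for the CA server name, request ID 6 is taken from the posted output, and the trustpoint name MYTP is hypothetical.

```cisco
! --- On the CA router, privileged EXEC ---

! List outstanding requests. "pending" means the CA is waiting for an
! operator decision; nothing is issued until the request is granted.
crypto pki server XX info requests

! Before granting, compare the Fingerprint column with the request
! fingerprint the enrolling router displayed when it ran its enrollment,
! so that only requests from your own routers are approved.

! Grant one verified request by its ReqID ...
crypto pki server XX grant 6

! ... or reject a request you cannot account for.
crypto pki server XX reject 5

! Alternative: have the CA issue without operator review.
! This hands a certificate to any device that can reach the CA and
! submit a request, so it trades the fingerprint check above for
! convenience. Manual grant (the behaviour seen in the thread) is the
! more conservative setting.
configure terminal
 crypto pki server XX
  grant auto
 end

! --- On each hub/spoke router, privileged EXEC ---

! After the grant, the router picks up its certificate on its next poll.
! Confirm that the identity certificate is present and no longer pending:
show crypto pki certificates

! If the router has stopped polling, start the enrollment again
! (MYTP is a hypothetical trustpoint name):
configure terminal
 crypto pki enroll MYTP
 end
```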
