PKI: Query mode

Unanswered Question
Jan 31st, 2008


I tried to implement Query mode for obtaining certificates. The CA and client routers both run IOS 12.4(15)T1 and they have the following configurations:



crypto pki server ca
 database level complete
 grant auto
 lifetime crl 1
 database url disk0:

crypto pki trustpoint ca
 ip-address GigabitEthernet0/0
 revocation-check crl
 rsakeypair ca

crypto pki certificate chain ca
 certificate ca 01
  308202F8 308201E0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030

  8D6883B4 C9681095 9535861F D58417C6 1897DE8A 68A716FE D67B83FB





crypto pki trustpoint CA
 enrollment url
 serial-number none
 ip-address none
 fingerprint FB2DF4C0A6242C392DAF9C6D811F32CE
 subject-name CN=ubc.test
 query certificate
 revocation-check crl
 rsakeypair UBC 768

crypto pki certificate chain CA
 certificate ca 01 query
  fingerprint FB2DF4C0A6242C392DAF9C6D811F32CE
 certificate 1A query


I successfully obtained root and identity certificates at the beginning. But when I reloaded the client it could not get its certificate.

Can anybody give me some light - what did I miss?

With best regards,


Maxim Zimovets Mon, 02/04/2008 - 20:20

No. Clocks are fine. Both routers are synced to one time source.

Is there anything else I have to check?


