PKI Certificate loss after a failed renewal (auto-enrollment)!

Mar 12th, 2009

Hi All,

My Cisco router uses a PKI certificate. The certificate used has an expiration date. The router is set to renew the certificate automatically (auto-enrollment) on a specified date (before the expiration date).

Problem: when the router cannot renew the certificate (obtain a new certificate) for any reason, it deletes the old certificate.

Does someone have an idea about this?

Does someone know where I can find documents that describe the certificate renewal process on routers?

Thank you for your help.

smalkeric Wed, 03/18/2009 - 15:42

When automatic enrollment is configured, clients automatically request client certificates. The CA server performs its own authorization checks; if these checks include a policy to automatically issue certificates, all clients will automatically receive certificates, which is not very secure. Thus, automatic certificate enrollment should be combined with additional authentication and authorization mechanisms (such as Secure Device Provisioning (SDP), leveraging existing certificates, and one-time passwords).

m.moutaabbid Thu, 03/19/2009 - 03:09

Thank you for your help.

Specifically, my question is how to explain that the router deletes the old certificate if it does not get a new certificate. The old certificate is still valid (it has not yet expired).

There is no bug referenced about it.

Thank you.
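The symptom described in the question and restated in the follow-up (a still-valid identity certificate disappearing after a failed auto-enroll renewal) is something a monitoring job can catch from the router's own certificate listing. The following is an added example, not code from the thread or from Cisco; the input is a constructed sample modeled on the layout of `show crypto pki certificates`, and the field names and spacing it expects are assumptions that vary between IOS releases.

```python
"""Added example, not from the thread: an offline check for the failure mode
described above, run over constructed text modeled on the layout of
`show crypto pki certificates` (field names/spacing are assumptions)."""
import re
from datetime import datetime, timezone

# Constructed sample: CA cert present; identity cert still valid but past
# the renew date at which auto-enroll should already have replaced it.
SAMPLE = """\
Certificate
  Validity Date:
    start date: 10:44:06 UTC Mar 12 2008
    end   date: 10:44:06 UTC Mar 12 2009
    renew date: 10:44:06 UTC Jan 11 2009
  Associated Trustpoints: myca

CA Certificate
  Validity Date:
    start date: 00:00:00 UTC Jan 1 2005
    end   date: 00:00:00 UTC Jan 1 2015
  Associated Trustpoints: myca
"""

DATE_RE = re.compile(
    r"^\s*(start|end|renew)\s+date:\s*(\d\d:\d\d:\d\d) UTC (\w{3}) (\d+) (\d{4})", re.M)

def parse_certs(text):
    """Split output into certificate blocks; return each block's kind and UTC dates."""
    certs = []
    for block in filter(None, re.split(r"\n(?=\S)", text.strip())):
        cert = {"kind": block.splitlines()[0].strip()}  # "Certificate" / "CA Certificate"
        for field, hms, mon, day, year in DATE_RE.findall(block):
            cert[field] = datetime.strptime(f"{hms} {mon} {day} {year}",
                                            "%H:%M:%S %b %d %Y").replace(tzinfo=timezone.utc)
        certs.append(cert)
    return certs

def assess(text, now_iso):
    """Classify the identity-certificate state at ISO-8601 time `now_iso`."""
    now = datetime.fromisoformat(now_iso)
    certs = parse_certs(text)
    ids = [c for c in certs if c["kind"] == "Certificate"]
    if not ids:
        # CA cert still held but no identity cert: the symptom reported in the thread.
        return "MISSING" if any(c["kind"] == "CA Certificate" for c in certs) else "NO_TRUSTPOINT"
    cert = ids[0]
    if now >= cert["end"]:
        return "EXPIRED"
    if "renew" in cert and now >= cert["renew"]:
        return "RENEWAL_OVERDUE"  # valid, but the auto-enroll renewal did not happen
    return "OK"
```

A "MISSING" result while the CA certificate is still present is the state the thread describes, and "RENEWAL_OVERDUE" is the earlier warning that the renewal attempt has not succeeded while the old certificate is still valid.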
