HI i have a problem that i don't understand that occurs when i am trying to install a root and identity certificate on a cisco 1721 router using cut and paste below is the enrollment procedure as it happened Router>en Router#clock set 16:25:00 aug 22 2007 Router# *Aug 22 16:25:00.000: %SYS-6-CLOCKUPDATE: System clock has been updated from 16: 19:30 UTC Wed Aug 22 2007 to 16:25:00 UTC Wed Aug 22 2007, configured from console by console. Router#conf t Enter configuration commands, one per line. End with CNTL/Z. Router(config)#interface FastEthernet0 Router(config-if)#ip address 192.168.2.1 255.255.255.0 Router(config-if)#ip nat outside Aug 22 16:26:32.707: %LINEPROTO-5-UPDOWN: Line protocol on Interface NVI0, changed state to up Router(config-if)#no shut Router(config-if)# Router(config-if)#interface Ethernet0 Router(config-if)#ip address 192.168.1.1 255.255.255.0 Router(config-if)#ip nat inside Router(config-if)#no shut Router(config-if)# Router(config-if)#access-list 101 permit ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 Router(config)# Router(config)#access-list 102 deny ip 192.168.1.0 0.0.0.255 192.168.3.0 0.0.0.255 Router(config)#access-list 102 permit ip 192.168.1.0 0.0.0.255 any Router(config)# Router(config)#hostname router-1 router-1(config)#ip domain-name acme.com Aug 22 16:26:42.675: %LINK-3-UPDOWN: Interface FastEthernet0, changed state to up Aug 22 16:26:42.795: %LINK-3-UPDOWN: Interface Ethernet0, changed state to up Aug 22 16:26:43.795: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0,changed state to up Aug 22 16:26:51.899: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0, changed state to up router-1(config)#crypto key generate rsa general-keys The name for the keys will be: router-1.acme.com Choose the size of the key modulus in the range of 360 to 2048 for your General Purpose Keys. Choosing a key modulus greater than 512 may take a few minutes. How many bits in the modulus [512]: % Generating 512 bit RSA keys, keys will be non-exportable...[OK] Aug 22 16:27:16.795: %SSH-5-ENABLED: SSH 1.99 has been enabled router-1(config)#crypto ca trustpoint certserver router-1(ca-trustpoint)#enrollment terminal router-1(ca-trustpoint)#subject-name cn=router-1.acme.com, ou=Sales, o=Acme Ltd, l=purley, st=Surrey, c=GB router-1(ca-trustpoint)#exit router-1(config)# router-1(config)#crypto ca authenticate certserver Enter the base 64 encoded CA certificate. End with a blank line or the word "quit" on a line by itself -----BEGIN CERTIFICATE----- MIICvjCCAmigAwIBAgIQP1Abc62eOIdDYux5KiJA5zANBgkqhkiG9w0BAQUFADCB gDEaMBgGCSqGSIb3DQEJARYLY2FAYWNtZS5jb20xCzAJBgNVBAYTAkdCMQ8wDQYD VQQIEwZTdXJyZXkxDzANBgNVBAcTBlB1cmxleTERMA8GA1UEChMIQWNtZSBMdGQx DjAMBgNVBAsTBVNhbGVzMRAwDgYDVQQDEwdBY21lLUNBMB4XDTA3MDgyMjE1MDgw OVoXDTA5MDgyMjE1MTY1NVowgYAxGjAYBgkqhkiG9w0BCQEWC2NhQGFjbWUuY29t MQswCQYDVQQGEwJHQjEPMA0GA1UECBMGU3VycmV5MQ8wDQYDVQQHEwZQdXJsZXkx ETAPBgNVBAoTCEFjbWUgTHRkMQ4wDAYDVQQLEwVTYWxlczEQMA4GA1UEAxMHQWNt ZS1DQTBcMA0GCSqGSIb3DQEBAQUAA0sAMEgCQQCwDgOgBd59PbopmY18V7APrSVF PdcVHxAqj/aKBTtQ1QGVB4HQj8e5kq/BmNGAV4ktZ5T3LrlTWzzGKtxklxFvAgMB AAGjgbswgbgwCwYDVR0PBAQDAgHGMA8GA1UdEwEB/wQFMAMBAf8wHQYDVR0OBBYE FH7ykf9ZeqUuqv9tV9AFECKWUjv7MGcGA1UdHwRgMF4wLKAqoCiGJmh0dHA6Ly9z ZXJ2ZXItMS9DZXJ0RW5yb2xsL0FjbWUtQ0EuY3JsMC6gLKAqhihmaWxlOi8vXFxz ZXJ2ZXItMVxDZXJ0RW5yb2xsXEFjbWUtQ0EuY3JsMBAGCSsGAQQBgjcVAQQDAgEA MA0GCSqGSIb3DQEBBQUAA0EAbRDjqzMWq9XV+DIGUwz4sqXhB/SmzDiu0YvGEJEk 0ZqooWn/McD+iwNG2vSUunU52+hs4LgGqUcAaeBSJ7Sgbw== -----END CERTIFICATE----- quit Certificate has the following attributes: Fingerprint MD5: 70EBE8B8 7782091B 56FF7930 912B8ADF Fingerprint SHA1: E94A9A03 A0F76965 B4BFAAD2 9BBF5199 CBF64C2E % Do you accept this certificate? [yes/no]: yes Trustpoint CA certificate accepted. % Certificate successfully imported router-1(config)#crypto ca enroll certserver % Start certificate enrollment .. % The subject name in the certificate will include: cn=router-1.acme.com, ou=Sales, o=Acme Ltd, l=purley, st=Surrey, c=GB % The subject name in the certificate will include: router-1.acme.com % Include the router serial number in the subject name? [yes/no]: no % Include an IP address in the subject name? [no]: Display Certificate Request to terminal? [yes/no]: yes 16:29:46 UTC Wed Aug 22 2007: Unexpected exception to CPUvector 1200, PC = 0x81565B1C, LR = 0x812AAEBC -Traceback= 0x81565B1C 0x812AAEBC 0x812ABB08 0x8129819C 0x81298E28 0x81299B14 0x 8129A608 0x806D3CC0 0x806F1F30 0x80385558 0x80388B10 CPU Register Context: MSR = 0x00009032 CR = 0x50000059 CTR = 0x00000000 XER = 0x8000005B R0 = 0x812ABB08 R1 = 0x82C31CB8 R2 = 0x824A0000 R3 = 0x79657300 R4 = 0x79657300 R5 = 0x00000000 R6 = 0x00000000 R7 = 0xFF000000 R8 = 0x00009032 R9 = 0x79657300 R10 = 0xFF000000 R11 = 0x824A0000 R12 = 0x00000000 R13 = 0xFFF39084 R14 = 0x806F15D4 R15 = 0x00000000 R16 = 0x00000000 R17 = 0x00000004 R18 = 0x82F2A538 R19 = 0x00000000 R20 = 0x81F8ECC4 R21 = 0x00000001 R22 = 0x00000000 R23 = 0x81F8ECEC R24 = 0x00000000 R25 = 0x82C31E50 R26 = 0x00000000 R27 = 0x832A91E0 R28 = 0x00000001 R29 = 0x823D2B18 R30 = 0x82C31CD8 R31 = 0x79657300 Writing crashinfo to flash:crashinfo_20070822-162946 === Flushing messages (16:29:46 UTC Wed Aug 22 2007) === Queued messages: No warm reboot Storage *** System received a SegV exception *** signal= 0xb, code= 0x1200, context= 0x8261d438 PC = 0x81565b1c, Vector = 0x1200, SP = 0x82c31cb8 at this point the router reboots its self as you can see the procedure fails and i have no idea why!!! obtaining the root and identity certificate using SCEP works perfectly has anybody any idea what could be causing this to happen?? Regards Melvyn Brown ps router specs are System image file is "flash:c1700-advsecurityk9-mz.124-3.bin" 65MB main memory and 16MB of flash