Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Routers not receiving certificates from IOS CA

Hi,

I have configured an IOS CA to issue certificates to all three routers configured in a hub and spoke topology, I have configured an IPSEC VPN to use RSA for authentication, but it seems that the routers are not receiving the certificates. I have tried to recreate the configuration, but it still does not work. When I do show crypto PKI server XX infor requests on the CA router, I get the following messages

Enrollment Request Database:

Subordinate CA certificate requests:

ReqID State Fingerprint SubjectName

--------------------------------------------------------------

RA certificate requests:

ReqID State Fingerprint SubjectName

--------------------------------------------------------------

Router certificates requests:

ReqID State Fingerprint SubjectName

--------------------------------------------------------------

6 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

5 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

4 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

3 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

2 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

1 pending xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx serialNumber=XXXXXXXXX+ipaddress=X.X.X.X+hostname=XXXXXXXXX

What could be possible reasons for a state of pending.

Thanks

MZ

2 REPLIES
Silver

Re: Routers not receiving certificates from IOS CA

The Enrollment Request Database only include certificate requests that have not completed or timed out. Certificates

that have been successfully issued can be found in the certificate database (by default configured to nvram although you

may have specified an external location). It is hard to continue without seeing the configs for the devices in question.

Silver

Re: Routers not receiving certificates from IOS CA

Hi,

One possible problem can be that the you have to grant the certificate manually (crypto pki server grant) if the CA is not configured to grant all requests automatically.

Hope it helps, rate if does

Krisztian

107
Views
0
Helpful
2
Replies