Cisco Support Community

Enroll Cert fails on IOS 12.4 from cisco pc client. What other products?

I've been really struggling with the PC certificate request/enrollment, trying various versions of Cisco VPN Client 4.6, 4.8, 5.0. I've tried every combination of SCEP and/or file binary/file base 64 without any promise of avoiding errors, all leading me to believe a bad certificate was created.

I'm using Cisco's IOS 12.4(13b) as CA server and have tried to connect to both RA and CA.

Common enrollment error at router IOS:


Aug 2 16:10:10.910: CRYPTO_CS: received an enrollment request

Aug 2 16:10:10.918: E ../cert-c/source/certobj.c(691) : Error #705h

Aug 2 16:10:10.918: CRYPTO_CS: failed to set the cert object

Aug 2 16:10:21.888: CRYPTO_CS: Granting enrollment request 15

Aug 2 16:10:21.892: CRYPTO_CS: added CDP extension

Aug 2 16:10:21.892: CRYPTO_CS: added key usage extension

Aug 2 16:10:22.809: CRYPTO_CS: serial number 0x10 written.

Aug 2 16:10:22.914: CRYPTO_CS: reqID=15 granted, fingerprint=8D150C0D95F736A76D


A client enroll error is:


1 10:58:49.362 08/02/07 Sev=Warning/3 CERT/0xA360000C

Certificate import failed - ImportMyCertAndKey: 1797

2 10:58:49.362 08/02/07 Sev=Warning/3 CERT/0xA360000C

Certificate import failed - ImportCertFromPkcs12File fail: 1797

I've attached a file of the run-time error from the IOS, which is similar to the client's run-time below, but much more informative:


1 16:28:30.598 08/01/07 Sev=Warning/3 IKE/0xE3000081

Invalid remote certificate id: ID_FQDN: ID =, Certificate = [NULL]

2 16:28:30.598 08/01/07 Sev=Warning/3 IKE/0xE3000058

The peer's certificate doesn't match Phase 1 ID

3 16:28:30.618 08/01/07 Sev=Warning/2 IKE/0xE30000A5

Unexpected SW error occurred while processing Identity Protection (Main Mode) negotiator:(Navigator:2202)

What other products are inexpensive yet dependable, because I need a low-cost approach to roll it out? Small shop, planned # of VPN users is less than 25.



Re: Enroll Cert fails on IOS 12.4 from cisco pc client. What oth

In order to resolve this issue, use up to 64 characters in the CN field, as the CN field is currently limited to 64 characters only.
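A pre-enrollment check for the 64-character CN limit named in the reply above, as an added example that is not part of the original thread. It goes slightly beyond the CN case by also checking the other common subject attributes against the upper bounds in RFC 5280, Appendix A; the function names and the sample DN strings are constructed for illustration.

```python
import re

# Upper bounds in characters from RFC 5280, Appendix A (ub-common-name = 64, etc.).
UPPER_BOUNDS = {"CN": 64, "O": 64, "OU": 64, "L": 128, "ST": 128, "C": 2}

def split_unescaped(text, sep=","):
    """Split on sep, ignoring separators escaped with a backslash."""
    parts, buf, i = [], [], 0
    while i < len(text):
        if text[i] == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])  # keep the escape pair together
            i += 2
            continue
        if text[i] == sep:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(text[i])
        i += 1
    parts.append("".join(buf))
    return parts

def parse_dn(dn):
    """Return [(ATTR, value)] from a comma-separated subject DN string."""
    pairs = []
    for rdn in split_unescaped(dn):
        if not rdn.strip():
            continue
        if "=" not in rdn:
            raise ValueError(f"malformed RDN: {rdn!r}")
        attr, value = rdn.split("=", 1)
        # Undo simple backslash escapes so the length is counted on the real value.
        value = re.sub(r"\\(.)", r"\1", value.strip())
        pairs.append((attr.strip().upper(), value))
    return pairs

def check_dn(dn):
    """Return [(attr, length, limit)] for every value over its upper bound."""
    return [(a, len(v), UPPER_BOUNDS[a])
            for a, v in parse_dn(dn)
            if a in UPPER_BOUNDS and len(v) > UPPER_BOUNDS[a]]

# Constructed sample subjects (not taken from the thread).
OK_DN = "CN=vpnuser01.example.com, OU=Remote Access, O=Example\\, Inc., C=US"
LONG_DN = "CN=" + "a" * 65 + ", OU=Remote Access, O=Example, C=US"

if __name__ == "__main__":
    for dn in (OK_DN, LONG_DN):
        print(check_dn(dn) or "within bounds")
```

Multi-valued RDNs joined with `+` and hex escapes are not handled; run the check on the subject string before it is submitted in the enrollment request.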