Cisco Support Community

IOS CA Auto-rollover and expired certificates

Hi Guys,

I have a couple of questions. First, I have some branches whose certificates already expired. Since my IOS CA is set to manual granting of certificates, and I was not able to grant them before the certificate expired, the branches lost their DMVPN connection to the hub. The problem is that when I try to reconfigure/authenticate the trustpoint to try to re-enroll, I am presented with this error: "Error in connection to Certificate Authority: status = FAIL". I can ping the CA from the spoke, so I don't think this is a connectivity issue. The show crypto pki server shows that the CA server is enabled. Any ideas?

For my second question, I have auto-rollover configured on my IOS CA. Do I have to configure any more commands so that the new CA cert can be propagated to the spokes, aside from the auto-rollover command itself?


