PKI Troubleshooting: "% Warning: CA cert is not found. The imported certs might not be usable" on IOS
A PKCS12 format certificate from an external CA is imported to an IOS router. The certificate will be used for IOS SSL VPN.
During the certificate import, the messages below appear on the router. Afterwards, the certificate does not seem to work for SSL when assigned to the WebVPN configuration.
% Warning: CA cert is not found. The imported certs might not be usable.
CRYPTO_PKI: Import PKCS12 operation failed to create trustpoint test
%PKI-6-PKCS12IMPORT_FAIL: PKCS #12 Import Failed.
The problem is that the PKCS12 file includes only the router (identity) certificate and does not include the CA certificate. As a result, the router fails to create the certificate chain that it tries to send during SSL negotiation for SSL VPN.
1. Import the CA root certificate in Windows. The root certificate can be obtained by contacting the vendor.
2. Import the PKCS12 file in Windows. When importing the certificate, make sure that you check the box "Mark this key as exportable...".
3. Windows will create the certificate chain automatically.
4. Export the certificate you just imported. When exporting, select the option "Yes, export the private key".
Also during export, check the box "Include all certificates in the certification path, if possible".
Also uncheck the box "Enable strong protection...".
5. The exported certificate will be in binary format. It needs to be converted to PKCS12 in Base64.
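
One way to check the file exported in step 4 before converting it in step 5, as an added example that is not part of the original article: the PowerShell script below confirms that the bundle holds the identity certificate plus every issuing CA certificate up to a self-signed root, then writes the Base64 text. The file paths and parameter names are hypothetical placeholders.

```powershell
# Added example, not from the original article. Paths are hypothetical placeholders.
param(
    [string]$PfxPath = 'C:\temp\router-export.pfx',
    [string]$OutPath = 'C:\temp\router-export.b64.txt'
)
$ErrorActionPreference = 'Stop'

# Import() takes a plain string, so unwrap the prompted SecureString in memory only.
$secure = Read-Host -Prompt 'PKCS12 password' -AsSecureString
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

$bundle = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2Collection
$bundle.Import($PfxPath, $plain,
    [System.Security.Cryptography.X509Certificates.X509KeyStorageFlags]::DefaultKeySet)

# The identity certificate is the entry that carries the private key.
$leaf = @($bundle | Where-Object { $_.HasPrivateKey })
if ($leaf.Count -ne 1) { throw "Expected 1 certificate with a private key, found $($leaf.Count)." }

# Index every certificate by its encoded subject name (hex of the DER bytes).
$bySubject = @{}
foreach ($c in $bundle) { $bySubject[[BitConverter]::ToString($c.SubjectName.RawData)] = $c }

# Walk issuer links from the identity certificate up to a self-signed root.
$current = $leaf[0]
$rootReached = $false
for ($hop = 0; $hop -lt 10; $hop++) {
    $issuer = [BitConverter]::ToString($current.IssuerName.RawData)
    if ($issuer -eq [BitConverter]::ToString($current.SubjectName.RawData)) { $rootReached = $true; break }
    if (-not $bySubject.ContainsKey($issuer)) {
        throw "Issuer '$($current.Issuer)' is missing from $PfxPath; the chain is incomplete."
    }
    $current = $bySubject[$issuer]
    Write-Host "CA certificate in bundle: $($current.Subject)"
}
if (-not $rootReached) { throw 'No self-signed root found within 10 issuer hops.' }

# Chain is complete: convert the binary PKCS12 to Base64 text (step 5).
$b64 = [Convert]::ToBase64String([IO.File]::ReadAllBytes($PfxPath),
    [System.Base64FormattingOptions]::InsertLineBreaks)
Set-Content -Path $OutPath -Value $b64 -Encoding Ascii
Write-Host "Base64 PKCS12 written to $OutPath"
```

The Base64 file still contains the private key, protected only by the export password, so handle and delete it with the same care as the .pfx file.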