Cisco Support Community
Community Member

Monitor pki certificate status via snmp

I recently discovered that a number of our remote sites could not connect to each other via dmvpn due to various certificate problems.

They could all connect to our hubs due to pre shared keys, so the problem was never discovered before a colleague discovered MM_KEY_EXCH states on some of the routers.

I therefore want to monitor the state of the certificates, preferably via snmp.

I found a nice looking mib,CISCO-PKI-PARTICIPATION-MIB, on

but none of our routers seem to support it, and when you click on "view supporting images", it also specifies: "There is no supporting images available for


Do you have any experience on how to monitor certificate status on your Cisco routers?

Everyone's tags (5)
Community Member

I know this is an old post

I know this is an old post but we're looking for the same thing, did you find a way to do this for your routers or ASA devices (if you have any)?

Community Member

No real solution. I found

No real solution. I found that they all needed to connect to one specific router, so I fire off "show crypto isakmp sa | inc MM_KEY_EXCH" on that specific router via our management platform, and receive a mail with the output on a daily basis.

CreatePlease to create content