Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ca trouble with router

hi all,

i try to build vpn tunnel with 2 router 1760 based in ca installed in windows 2000 server. i installed ca + mscep and it work well.

when i start confoguration of router, i have message when i enter the command "crypto ca authenticate hostname of my ca ".

this is the message "% CA Cert not yet valid or is expired -

start date: 18:44:25 gmt Feb 24 2004

end date: 18:53:45 gmt Feb 24 2008

% Error in saving certificate: status = FAIL"

for your information , vpn with preshared key work well.

Can anyone help us please ??????????

Best regard

Cisco Employee

Re: ca trouble with router

What's the date/time set to on your router (do a "sho clock"? If this is not correct, then the router is going to think the certificate has expired or is not yet valid.

When using certificates always, always set up NTP on your router, this way you'll ensure the time is always correct, even after a reboot.

New Member

Re: ca trouble with router


you are right , it work now , but when i try to make this command "crypto ca enroll nameof my ca " , i have message request pending , i see the same thing in my ca server .

what is possible cause????

Best regard

New Member

Re: ca trouble with router

make sure your CA/RA is set to automatically issue the Certificate

scroll down to

"Configuring Certificate-Based VPN Connections"

CreatePlease login to create content