ca trouble with router

mbenamar · ‎02-24-2004

hi all,

i try to build vpn tunnel with 2 router 1760 based in ca installed in windows 2000 server. i installed ca + mscep and it work well.

when i start confoguration of router, i have message when i enter the command "crypto ca authenticate hostname of my ca ".

this is the message "% CA Cert not yet valid or is expired -

start date: 18:44:25 gmt Feb 24 2004

end date: 18:53:45 gmt Feb 24 2008

% Error in saving certificate: status = FAIL"

for your information , vpn with preshared key work well.

Can anyone help us please ??????????

Best regard

gfullage · ‎02-24-2004

What's the date/time set to on your router (do a "sho clock"? If this is not correct, then the router is going to think the certificate has expired or is not yet valid.

When using certificates always, always set up NTP on your router, this way you'll ensure the time is always correct, even after a reboot.

mbenamar · ‎02-25-2004

Hi,

you are right , it work now , but when i try to make this command "crypto ca enroll nameof my ca " , i have message request pending , i see the same thing in my ca server .

what is possible cause????

Best regard

d-garnett · ‎02-27-2004

make sure your CA/RA is set to automatically issue the Certificate

http://www.getconnected-it.com/infoarch.html

scroll down to

"Configuring Certificate-Based VPN Connections"