Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
504
Views
0
Helpful
1
Replies

CERT is NOT valid as per profile

ljohnson21
Level 1
Level 1

‎01-17-2014 08:37 AM

I have a cisco 3945E which is able to successfully establish a IPSec connection.  But after about 15 minutes the connect drops and I get the below error.

CERT is NOT valid as per profile.

I am trying to determine why the certs would initially be valid fail later.

I am using certificate match under the profile.  the certificate match using the subject name and the issuer name.

Has anyone ever seen this?

thanks.

Labels:
0 Helpful
1 Reply 1

m.kafka
Level 4
Level 4

‎01-19-2014 06:35 AM

There is more than subject and issuer in a certificate. Do a detailed debug (pki transactions detailed) or pki messages and decode the ceritificates yourself.

What is the peer? Are there any additional isakmp resp. ikev2 negotiations close to the error message?

0 Helpful
Customers Also Viewed These Support Documents