Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Problem manually loading certificate loading vpn spa device certificate on catalyst 6500

Dear colleagues,

I wonder if someone out there can point in the right direction.

I have the IPSEC VPN SPA running of a CAT6513 switch and I am wanting to use certificates for authenitication but somehow I can't seem to complete the process successfully:

I have gone through the following steps:

1. crypto key generate rsa general keys

Created my keys with modulus 2048.

2. Create the trust point

crypto ca trustpoint mysite

3. Generate CSR

crypto ca enroll mysite

4.Create my cer from the csr created above.

5. Load the CA root certificate

Loads succesfully

CA loaded

6. Load server certificate(VPN SPA)

crypto ca import mysite certificate

I then get the following error:

Failed to parse or verify imported certificate?

The CA has a modulus of 4096 bits and I used to generate the key for signing with the CA.

Could that cause problems?

Can someone please point out where I might be going wrong?

Thanks and regards,

Gibson Moses

Cisco Employee

Re: Problem manually loading certificate loading vpn spa device

Hello there,

Can you please share with us decode of the new certificate?

One thing I was recently dealing with was Signature Algorithm field.

But maybe you can do crypto pki debugs while you apply the cert?


deb cry pki m

deb cry pki t


and do share software version on cat6k.

Not that PKI component is not dependand on VPN SPA.


CreatePlease to create content