Otherthan the above mentioned points,please make sure that the device timing settings are synchronized with the CA server timings.
While downloading the certificate form the CA server, the router will do a check on the time value available on the certificate to ensure that it is not expired. If it is expited then it would not install the certificate.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...