Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 
Community Member

SSLVPN Certificate will not import

I have a Cisco 2800 ISR. We have sslvpn setup. Trying to get a valid ca certificate and router certificate installed. Using MS CA on windows 2000.

I get this error when I try to import they certificates.


Certificate import has failed. The error returned is:

Certificate is not valid, or has expired, or

the time on your router is invalid.


Time has been verified.

Community Member

Re: SSLVPN Certificate will not import

Try enrollcertificate using CLI (not SDM). I've got the same problem.

1. enable

2. configure terminal

3. crypto pki trustpoint my_trustpoint

4. enrollment terminal

5. subject CN = your_common_name

6. exit

7. crypto pki authenticate my_trustpoint

8. crypto pki enroll my_trustpoint

9. crypto pki import my_trustpoint certificate

10. exit

11. show crypto pki certificates

Community Member

Re: SSLVPN Certificate will not import

and one more thing - you need to generate certificate using "web server" template

Community Member

Re: SSLVPN Certificate will not import


Otherthan the above mentioned points,please make sure that the device timing settings are synchronized with the CA server timings.

While downloading the certificate form the CA server, the router will do a check on the time value available on the certificate to ensure that it is not expired. If it is expited then it would not install the certificate.


CreatePlease to create content