https://community.cisco.com/t5/network-security/certificate-error-cisco-ios-router-as-ca/m-p/3821227#M30192 Hi,<BR />Is http disabled on the router? ...it is disabled as default - Enable it by entering the command "ip http server"<BR /><BR />HTH Mon, 18 Mar 2019 11:50:41 GMT Rob Ingram 2019-03-18T11:50:41Z https://community.cisco.com/t5/network-security/certificate-error-cisco-ios-router-as-ca/m-p/3821224#M30191 <P>Hi,</P> <P>&nbsp;</P> <P>I am trying a very simple CA set up as below</P> <P>&nbsp;</P> <P>R4 Fa3/0--------------Fa0/0 R2 AKA CA SERVER</P> <P>&nbsp;</P> <P>Below is the debug o/p from R2 while executing the command "crypto CA authenticate &lt;trustpoint-name&gt;" in R4</P> <P>May 18 11:23:14.383: CRYPTO_CS: received a SCEP GetCACert request<BR />May 18 11:23:14.391: CRYPTO_CS: msg not sent due to HTTP server error 1725988684<BR />May 18 11:23:14.391: CRYPTO_CS: CA certificate not sent due to HTTP server error.<BR />May 18 11:23:14.487: CRYPTO_CS: received a SCEP GetCACaps request<BR />May 18 11:23:14.491: CRYPTO_CS: msg not sent due to HTTP server error 1<BR />May 18 11:23:14.495: CRYPTO_CS: Capabilities not sent due to HTTP server error</P> <P>R2#</P> <P>&nbsp;</P> <P>R2 Config =</P> <P>crypto pki server CA-KEY<BR />issuer-name CN=CCIE training O=Ajuslab OU=training L=India<BR />grant auto<BR />crypto pki trustpoint CA-KEY<BR />revocation-check crl<BR />rsakeypair CA-KEY<BR />crypto pki certificate chain CA-KEY<BR />certificate ca 01<BR />30820245 308201AE A0030201 02020101 300D0609 2A864886 F70D0101 04050030<BR />36313430 32060355 0403132B 43434945 20747261 696E696E 67204F3D 416A7573</P> <P>&nbsp;</P> <P>R4</P> <P>crypto pki trustpoint TP-self-signed-4279256517<BR />enrollment selfsigned<BR />subject-name cn=IOS-Self-Signed-Certificate-4279256517<BR />revocation-check none<BR />rsakeypair TP-self-signed-4279256517<BR />crypto pki trustpoint CLIENT-KEY<BR />enrollment url <A href="http://199.55.55.1:80" target="_blank">http://199.55.55.1:80</A><BR />revocation-check none<BR />crypto pki certificate chain TP-self-signed-4279256517<BR />crypto pki certificate chain CLIENT-KEY<BR />certificate ca 01<BR />30820245 308201AE A0030201 02020101 300D0609 2A864886 F70D0101 04050030<BR />36313430 32060355 0403132B 43434945 20747261 696E696E 67204F3D 416A7573</P> <P>&nbsp;</P> <P>Can anyone help me whats this error is &amp; how to fix it?</P> Mon, 18 Mar 2019 11:44:23 GMT https://community.cisco.com/t5/network-security/certificate-error-cisco-ios-router-as-ca/m-p/3821224#M30191 Ajay Raj 2019-03-18T11:44:23Z https://community.cisco.com/t5/network-security/certificate-error-cisco-ios-router-as-ca/m-p/3821227#M30192 Hi,<BR />Is http disabled on the router? ...it is disabled as default - Enable it by entering the command "ip http server"<BR /><BR />HTH Mon, 18 Mar 2019 11:50:41 GMT https://community.cisco.com/t5/network-security/certificate-error-cisco-ios-router-as-ca/m-p/3821227#M30192 Rob Ingram 2019-03-18T11:50:41Z