03-20-2011 08:48 PM
dear Experts
The CISCO1941 Router can't registrat to the CM , how to troubleshooting...
R19-WEX#waas cm-register https://10.202.250.200:8443/wcm/register
R19-WEX#
*Mar 21 11:44:45.383: %WAAS-3-WAAS_CM_REGISTER_FAILED: IOS-WAAS registration with Central Manager failed for the following reason: WAAS Express device certificate is not yet valid.10.10.10.91
R19-WEX#
03-22-2011 05:12 AM
Hi,
It seems you forgot to do step 3 listed in the configuration guide:
Step 3 is configure a persistent self-signed certificate, the details on how to do this are documented below.
Regards,
Mike Korenbaum
Cisco WAAS PDI Help Desk
03-22-2011 08:17 PM
dear Mike
I'm not forget the step 3 ; now i erase and re-config it but still can't ..
R19-WAE(config)#crypto pki trustpoint WCM
R19-WAE(ca-trustpoint)#enrollment terminal pem
R19-WAE(ca-trustpoint)#exit
R19-WAE(config)#crypto pki authenticate WCM
Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself
-----BEGIN CERTIFICATE-----
MIIDiTCCAvKgAwIBAgIBFDANBgkqhkiG9w0BAQUFADCBkDELMAkGA1UEBhMCVVMx
.....
0hab/8LpIBsam8zbBiQs6WisAfOmCfKmAptlYSe/21OVlOKuLGLHKw3mOO/D
-----END CERTIFICATE-----
Certificate has the following attributes:
Fingerprint MD5: 244BEDD2 6CDF980A AED0C7C9 AAB27CAB
Fingerprint SHA1: B2C157E7 61C89AB8 636DABF7 C28F3927 3311D7C2
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Certificate successfully imported
R19-WAE(config)#ip domain-name waas.local
R19-WAE(config)#crypto pki trustpoint R19-WAE
R19-WAE(ca-trustpoint)#enrollment selfsigned
R19-WAE(ca-trustpoint)#rsakeypair R19 1024
R19-WAE(ca-trustpoint)#exit
R19-WAE(config)#crypto pki enroll R19-WAE
% Include the router serial number in the subject name? [yes/no]:
% Include an IP address in the subject name? [no]: yes
Enter Interface name or IP Address[]: 10.10.10.91
Generate Self Signed Router Certificate? [yes/no]: yes
Router Self Signed Certificate successfully created
R19-WAE(config)#ip http secure-server
R19-WAE(config)#ip http authentication local
R19-WAE(config)#end
R19-WAE#
R19-WAE#waas cm-register https://10.202.250.200:8443/wcm/register
R19-WAE#
*Mar 23 11:06:23.643: %WAAS-3-WAAS_CM_REGISTER_FAILED: IOS-WAAS registration with Central Manager failed for the following reason: WAAS Express device certificate is not yet valid.10.10.10.91
R19-WAE#wr
Building configuration...
[OK]
R19-WAE#
R19-WAE#waas cm-register https://10.202.250.200:8443/wcm/register
R19-WAE#
*Mar 23 11:06:56.583: %WAAS-3-WAAS_CM_REGISTER_FAILED: IOS-WAAS registration with Central Manager failed for the following reason: WAAS Express device certificate is not yet valid.10.10.10.91
R19-WAE#
03-24-2011 08:18 AM
Try removing the wcm trustpoint you created, and recreate it, but this time when you import the PEM certificate do NOT include the lines ---Begin Certicate--- and ----End Certificate----. Just paste the information between those two lines and hit enter.
I just ran through this procedure in my lab and had no problems registering my 1941 WAAS Express device to the CM.
Regards,
Mike
03-28-2011 12:58 AM
Hello,
From the "not yet valid" part I'm suspecting that maybe you have a time/date issue?
What is the time on the router and on the CM, are they in sync?
You can check the validity of the certificate with:
cdn-1941-1#show crypto pki certificates | i Trustpoint|date
start date: 04:20:57 UTC Feb 13 2011
end date: 00:00:00 UTC Jan 1 2020
Associated Trustpoints: TP-self-signed-1975700381
start date: 16:23:22 UTC Dec 17 2010
end date: 16:23:22 UTC Dec 16 2015
Associated Trustpoints: cdn-wave-274-1
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide