CCP and 1941 secure discovery problem

RedCr1minal · ‎04-24-2018

Hi everyone!

I have two 2811 and one 1941 in my home lab.

I want to make a secure connection between 1941 and CCP and i faild.

here are the config on the router:

Current configuration : 1970 bytes
!
! Last configuration change at 22:54:29 UTC Tue Apr 24 2018 by cisco
!
version 15.7
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
!
aaa new-model
!
!
aaa group server tacacs+ TA_SERVER
server-private 192.168.111.11 key cisco123
!
aaa authentication login AUTHENTICATION group TA_SERVER local
aaa authorization exec AUTHORIZATION group TA_SERVER local
!
!
!
!
!
!
aaa session-id common
clock timezone UTC 3 0
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!

!
!
!
!
ip domain name localhost
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
license udi pid CISCO1941/K9 sn FHK144076SF
!
!
username cisco privilege 15 secret 5 $1$WHDP$SELnwVQnhuf2lnshCTlq40
!
redundancy
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Embedded-Service-Engine0/0
no ip address
shutdown
!
interface GigabitEthernet0/0
ip address 172.16.1.3 255.255.255.0
duplex auto
speed auto
!
interface GigabitEthernet0/1
ip address 172.16.0.3 255.255.255.0
duplex auto
speed auto
!
ip forward-protocol nd
!
ip http server
ip http authentication local
ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 172.16.1.2
ip route 192.168.111.0 255.255.255.0 172.16.1.2
ip route 192.168.112.0 255.255.255.0 172.16.0.1
ip ssh version 2
!
ipv6 ioam timestamp
!
!
!
!
!
control-plane

Current configuration : 1970 bytes!! Last configuration change at 22:54:29 UTC Tue Apr 24 2018 by cisco!version 15.7service timestamps debug datetime msecservice timestamps log datetime msecno service password-encryption!hostname R3!boot-start-markerboot-end-marker!!!aaa new-model!!aaa group server tacacs+ TA_SERVER server-private 192.168.111.11 key cisco123!aaa authentication login AUTHENTICATION group TA_SERVER localaaa authorization exec AUTHORIZATION group TA_SERVER local!!!!!!aaa session-id commonclock timezone UTC 3 0!!!!!!!!!!!!!!!!!!!!ip domain name localhostip cefno ipv6 cef!multilink bundle-name authenticated!!!!license udi pid CISCO1941/K9 sn FHK144076SF!!username cisco privilege 15 secret 5 $1$WHDP$SELnwVQnhuf2lnshCTlq40!redundancy!!!!!!!!!!!!!!!interface Embedded-Service-Engine0/0 no ip address shutdown!interface GigabitEthernet0/0 ip address 172.16.1.3 255.255.255.0 duplex auto speed auto!interface GigabitEthernet0/1 ip address 172.16.0.3 255.255.255.0 duplex auto speed auto!ip forward-protocol nd!ip http serverip http authentication localip http secure-server!ip route 0.0.0.0 0.0.0.0 172.16.1.2ip route 192.168.111.0 255.255.255.0 172.16.1.2ip route 192.168.112.0 255.255.255.0 172.16.0.1ip ssh version 2!ipv6 ioam timestamp!!!!!control-plane

Nothing really special, huh. When i try to discover by non-secure way, everything is good. But when i do secure connection, i get: Discovery could not be completed because security certificate was rejected. See help for more information.

i generated an rsa keys, 1024 and 2048 bits. I made a "crypto key zeroize" and "no crypto pki trustpoint TP-self-signed-4228565719". Nothing helps. But with my both 2811 everything works from the first touch.

What can be the problem?

UPDATE:

I use cisco CCP 2.8 desktop version.