Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
472
Views
0
Helpful
1
Replies

CSM 4.8 Failed to retrieve Certificate

michaeldavis4
Level 1
Level 1

‎04-17-2015 12:29 PM - edited ‎02-21-2020 05:27 AM

We installed a new CSM server. The old one was 4.4 on Windows Server 2008. The new one is 4.8 on Windows Server 2012. I imported devices only, using the csv export/import. The previous server had a internal address that was translated to an extranet address for units across the state. The configuration now uses the extranet address natively. I worked through the certificate expires  and connectivity issues to discover the devices, but now I have an odd situation:

 

I deleted the old certificate in the IPS units for the CSM and generated a new one for the allowed address. I tried to retrieve the IPS certificate for all of the units (35) but all say nonretrievable. I can manually put the thumbprint in and then under Device Properties > Credentials > Test Connection it passes. However, the Retrieve from device stills fails with an IO error. I brought the 4.4 back up to check it and it still works. How can I have verified connectivity and recognition of https from the browser on the server, but not be able to retrieve this certificate?

2 people had this problem
0 Helpful
1 Reply 1

sadovnikovmv
Level 1
Level 1

‎06-01-2015 10:57 PM

Hi michaeldavis4. I see same error afrer replace CSM 4.7 to CSM 4.8 (new install 4.8/Windows Server 2012R2). All settings restore from backup.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card