Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4051
Views
0
Helpful
2
Replies

Monitor pki certificate status via snmp

Soren Hansen
Level 1
Level 1

‎09-26-2013 05:44 AM - last edited on ‎02-21-2020 11:24 PM by Community Manager

I recently discovered that a number of our remote sites could not connect to each other via dmvpn due to various certificate problems.

They could all connect to our hubs due to pre shared keys, so the problem was never discovered before a colleague discovered MM_KEY_EXCH states on some of the routers.

I therefore want to monitor the state of the certificates, preferably via snmp.

I found a nice looking mib,CISCO-PKI-PARTICIPATION-MIB, on http://tools.cisco.com/Support/SNMP/do/BrowseOID.do?local=en&translate=Translate&objectInput=1.3.6.1.4.1.9.9.505

but none of our routers seem to support it, and when you click on "view supporting images", it also specifies: "There is no supporting images available for

CISCO-PKI-PARTICIPATION-MIB"

Do you have any experience on how to monitor certificate status on your Cisco routers?

5 people had this problem
0 Helpful
2 Replies 2

nativevlan
Level 4
Level 4

‎11-06-2014 05:33 AM

I know this is an old post but we're looking for the same thing, did you find a way to do this for your routers or ASA devices (if you have any)?

0 Helpful

Soren Hansen
Level 1
Level 1
In response to nativevlan

‎11-06-2014 07:04 AM

No real solution. I found that they all needed to connect to one specific router, so I fire off "show crypto isakmp sa | inc MM_KEY_EXCH" on that specific router via our management platform, and receive a mail with the output on a daily basis.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card