CSST-ASR2(config)#crypto pki enroll testrsa-ca
% Start certificate enrollment ..
% The subject name in the certificate will include: CN=testrouter
% The subject name in the certificate will include: CSST-ASR2.pok.stglabs.ibm.com
% The serial number in the certificate will be: FOX2012G96J
% Include an IP address in the subject name? [no]: no
Using EST to request certificate from CA? [yes/no]: yes
%Error in connection to Certificate Authority:% Attempt to request a certificate failed: status = FAIL
How to find out the problem???