Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1540
Views
0
Helpful
1
Replies

how to debug enrollment over secure transport (EST) problem

Wai2
Level 1
Level 1

‎12-31-2018 02:53 PM - edited ‎02-20-2020 09:45 PM

CSST-ASR2(config)#crypto pki enroll testrsa-ca
% Start certificate enrollment ..

% The subject name in the certificate will include: CN=testrouter
% The subject name in the certificate will include: CSST-ASR2.pok.stglabs.ibm.com
% The serial number in the certificate will be: FOX2012G96J
% Include an IP address in the subject name? [no]: no
Using EST to request certificate from CA? [yes/no]: yes
%Error in connection to Certificate Authority:% Attempt to request a certificate failed: status = FAIL

How to find out the problem???

Labels:
0 Helpful
1 Reply 1

Wai2
Level 1
Level 1

‎01-02-2019 02:01 PM

What is the url used from the EST client? I used it as indicated in rfc7030: "https://<server domain>:443/.well-known/est". But the server indicated SSL_V3_BAD_CERTIFICATE. How to figure out the problem?

0 Helpful
Customers Also Viewed These Support Documents