cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

585
Views
0
Helpful
0
Replies
Highlighted
Beginner

IOS CA Auto-rollover and expired certificates

Hi Guys,

I have a couple of questions, first I have some branches whose certificates already expired. And since my IOSCA is set to manual granting of certificates, and I was not able to grant them before the certificate expired, the branches lost their dmvpn connection to the Hub. The problem is when I try to reconfigure/authenticate the trustpoint to try to re enroll, I am presented with this error "Error in connection to Certificate Authority: status = FAIL". I can ping the CA from the spoke so I don't think this is a connectivity issue. The show crypto pki server shows that the ca server is enabled. Any ideas?

For my second question, I have auto-rollover configured on my IOS CA, do I have to configure any more commands so that the new CA cert can be propagated to the spokes, aside from the autorollover command itself?

Regards,

Adrian

Everyone's tags (6)