I am playing with the anyconnect vpn on my spare 2921 router. When I follow the instruction to create a trustpoint and enroll a self-signed cert, I got this error:
crypto pki trustpoint my-trustpoint
enrollment selfsigned
subject-name CN=anyconnect.pason.com
rsakeypair my-rsa-keys
!
(config)#crypto pki enroll my-trustpoint
% Include the router serial number in the subject name? [yes/no]: yes
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes
% Attempt to request a certificate failed: status = FAIL
As a troubleshooting step, I tried to enable the HTTP secure server, I also got this error
anyconnect(config)#ip http secure-server
Failed to generate persistent self-signed certificate.
Secure server will use temporary self-signed certificate.Any idea why? Is it because I don't have a license? Thanks!
