Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1467
Views
0
Helpful
1
Replies

Router Cert Error

benolyndav
Level 4
Level 4

‎09-16-2021 01:46 AM

Hello

We have a Cisco 3900 acting as a CA Router we point the spokes to this router with the enrollment url command, on the spoke router I now see this error and when I do a show crypto pki cert verbose I dont see a certificate on the spokewhich is (SN: 02)

but I do see (SN: 02) on the branch router and its expired and it matches the error below on the spoke, any idea how i fix this, and also coul this generate invalid spi errors also.

 

Branch Router

 

Status: Available

  Version: 3

  Certificate Serial Number (hex): 02

  Certificate Usage: General Purpose

 Validity Date:

    start date: 15:29:55 BST Aug 29 2016

    end   date: 15:29:55 BST Aug 28 2021

  Subject Key Info:

    Public Key Algorithm: rsaEncryption

    RSA Public Key: (2048 bit)

 

 

Spoke Router

 

Sep 16 08:35:01.042: %PKI-3-CERTIFICATE_INVALID_EXPIRED: Certificate chain validation has failed.  The certificate (SN: 02) has expired.    Validity period ended on 15:29:55 BST Aug 28 2021

Labels:
0 Helpful
1 Reply 1

balaji.bandi
Hall of Fame
Hall of Fame

‎09-16-2021 04:31 AM

Cert expired you need to get  generated and renewed :

 

https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_conn_pki/configuration/15-mt/sec-pki-15-mt-book/sec-cert-enroll-pki.html

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card