TCC_2

Core issue

This issue is due to the presence of Cisco bug ID CSCsf17411.

In this issue, certification authority (CA) certificate storage fails on the router. The execution of the crypto pki authenticate trustpoint-name command generates this output:

% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Error in saving certificate: status = FAIL

This issue typically occurs in scenarios where the CA certificates do not contain a digital signature or data encryption key usage.

Cisco IOS software releases that are affected by this bug are listed in this affected versions list.

Resolution

In order to work around this issue, add key usage flags to the CA certificate.

In order to completely resolve this issue, upgrade or downgrade to any of these Cisco IOS software releases:

  • Cisco IOS Software Release 12.4(8b)

  • Cisco IOS Software Release 12.4(11.1)

  • Cisco IOS Software Release 12.4(10a)

  • Cisco IOS Software Release 12.4(11.1)T

Refer to Cisco Downloads in order to download the suggested Cisco IOS software releases.

Frequency

Continuously

Error

%Error in saving certificate: status = FAIL

Cisco IOS Software Version

12.4

Features & Tasks

Digital certificates

VPN Protocols

Certificates - Public Key Infrastructure (PKI)
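
A pre-import check for the condition described under Core issue, as an added example that is not part of the original Cisco document: it reads a PEM CA certificate's Key Usage extension and reports whether Digital Signature or Data Encipherment is present. It assumes the openssl command-line tool is installed and that the article's "data encryption" refers to the X.509 dataEncipherment bit; the function names and the lab CA are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a CA certificate for the key usage bits named in this
# article before running "crypto pki authenticate" on the router.
# Assumptions: openssl CLI available; function names are hypothetical.

# has_required_ku FILE
# Exit 0 if the PEM certificate's Key Usage extension lists Digital Signature
# or Data Encipherment; exit 1 if neither is listed, the extension is absent,
# or the file cannot be parsed.
has_required_ku() {
    openssl x509 -in "$1" -noout -text 2>/dev/null |
        grep -A1 'X509v3 Key Usage' |
        grep -Eq 'Digital Signature|Data Encipherment'
}

# make_test_ca OUTFILE KEYUSAGE
# Build a throwaway self-signed lab CA (constructed sample input) whose
# keyUsage extension is exactly KEYUSAGE. The private key is discarded.
make_test_ca() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Constructed Lab CA
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, $2
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$dir/ca.cnf" -keyout "$dir/ca.key" -out "$1" 2>/dev/null
    rc=$?
    rm -rf "$dir"
    return $rc
}
```

Because key usage is part of the signed certificate, adding the flags means re-issuing the CA certificate with the updated extension rather than editing the existing file.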

Comments
xjesus.net

I've tried to downgrade from 12.4.24T2 to 12.4.15T12 finding the same errors.
I can't download 12.4.11T because it's deferred and
I don't know how to implement the workaround, i.e., adding "digital signature" or "data encryption"
key usage flags to the Callmanager certs I need to import on the gateway for Secure SRST to work.

Please let me know how to add these key usage flags or which IOS fixes this bug.

I'm having big trouble with SRST since Callmanager is in Security Mixed Mode and normal
SRST doesn't work, but Secure SRST can't be configured until I import the certificates, but I can't!!!
