Core issue
This issue is due to the presence of Cisco bug ID CSCsf17411.
In this issue, certification authority (CA) certificate storage fails on the router. The execution of the crypto pki authenticate trustpoint-name command generates this output:
% Do you accept this certificate? [yes/no]: yes
Trustpoint CA certificate accepted.
% Error in saving certificate: status = FAIL
This issue typically occurs in scenarios where the CA certificates do not contain a digital signature or data encryption key usage.
Cisco IOS software releases that are affected by this bug are listed in this affected versions list.
Resolution
In order to workaround this issue, add key usage flags to the CA certificate.
In order to completely resolve this issue, upgrade or downgrade to any of the these Cisco IOS software releases:
- Cisco IOS Software Release 12.4(8b)
- Cisco IOS Software Release 12.4(11.1)
- Cisco IOS Software Release 12.4(10a)
- Cisco IOS Software Release 12.4(11.1)T
Refer to Cisco Downloads in order to download the suggested Cisco IOS software releases.
Frequency
Continuously
Error
%Error in saving certificate: status = FAIL
Cisco IOS Software Version
12.4
Features & Tasks
Digital certificates
VPN Protocols
Certificates - Public Key Infrastructure (PKI)