Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Create a new article
2047
Views
0
Helpful
0
Comments

When trying to generate the general purpose Secure Shell (SSH) keys on the 3725 router, the user receive the %CRYPTO-3-RSA_SELFTEST_FAILED: Generated RSA key failed self test error message

TCC_2
Level 10
Level 10

‎06-22-2009 04:09 PM - edited ‎03-08-2019 06:13 PM

Core issue

This error is most commonly seen on a router that has the AIM-VPN/EPII with Device ID 00, and it running the Cisco IOS  version 12.3.13 with IP/FW/IDS PLUS IPSEC 3DES feature set.

This issue is documented in Cisco bug ID CSCse42201.

You can check the product name and the device ID of the AIM module by issuing the show crypto engine configuration.

Resolution

For a workaround, perform these steps:

  1. Disable the HW encryption module by issuing the no crypto engine accelerator command.

  2. Generate the RSA keys by issuing the crypto key generate rsa general-keys modulus 1024 command.

  3. Enable the HW encryption module by issuing the crypto engine accelerator configuration command.

  4. Upgrade the Cisco IOS  version if running 12.3.13 (12.3.13 is a deferred release).

  5. Replace the AIM module so that the device ID is not 00.
0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents