Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
285
Views
0
Helpful
2
Replies

manual enrollmen failed from CA server

central-infobahnadmin
Level 1
Level 1

‎08-11-2025 07:21 AM

CRYPTO_PKI: unable to build cert attributes list.

IOS Image:c1900-universalk9-mz.SPA.157-3.M9.bin

Harware: CISCO1905/K9

Logs

Aug 11 13:58:05.303: PKI: Trustpoint ITC-ROOT-CA has router cert and loaded
Aug 11 13:58:05.303: PKI: Signing pkcs7 with ITC-ROOT-CA trustpoint router cert
Aug 11 13:58:05.303: PKI: key rollover configured and active
Aug 11 13:58:05.307: E SCEPSignMessage(75) : Error #2h
Aug 11 13:58:05.307: PKI: Failed to sign message
Aug 11 13:58:05.307: CRYPTO_PKI: status = 0x708(E_NOT_FOUND : no matching entry found): failed to sign the data
Aug 11 13:58:05.307: CRYPTO_PKI: status = 65535: PKCS7 wrapping failed.
Aug 11 13:58:05.307: CRYPTO_PKI: status = 0: failed to create pkcsreq message
Aug 11 13:58:05.307: CRYPTO_PKI: status = 65535: fail to send out pkcsreq
Aug 11 13:58:05.307: CRYPTO_PKI: Setting renewal timers
Aug 11 13:58:05.307: PKI:get_cert ITC-ROOT-CA 0x10 (expired=0):
Aug 11 13:58:05.307: PKI:get_cert ITC-ROOT-CA 0x4 (expired=0):
Aug 11 13:58:05.307: PKI: our cert expires before the CA cert for ITC-ROOT-CA
Aug 11 13:58:05.307: PKI:get_cert ITC-ROOT-CA 0x4 (expired=0):
Aug 11 13:58:05.311: CRYPTO_PKI: current date: 19:28:05 IST Aug 11 2025

Aug 11 13:58:05.311: CRYPTO_PKI: seconds until reenroll: 1772171056

Aug 11 13:58:05.311: CRYPTO_PKI: cert expire date: 11:14:16 IST May 11 2026

Aug 11 13:58:05.311: CRYPTO_PKI: renew date: 11:14:16 IST Feb 27 2026

Aug 11 19:28:05: %PKI-4-AUTOCERTFAILWARN: Certificate (re)enrollment failed. Delaying before retry
Aug 11 13:58:05.311: CRYPTO_PKI: set re-enroll timer to 17250371-second
Aug 11 19:28:31: %SYS-5-CONFIG_I: Configured from console by 98585 on vty0 (10.10.200.208)
Aug 11 13:58:31.859: CRYPTO_PKI: Initializing renewal timers
Aug 11 13:58:31.859: PKI:get_cert ITC-ROOT-CA 0x10 (expired=0):
Aug 11 13:58:37.415: CRYPTO_PKI: unable to build cert attributes list
Aug 11 13:58:37.415: CRYPTO_PKI: unable to build cert attributes list
Aug 11 13:58:37.423: CRYPTO_PKI: unable to build cert attributes list
Aug 11 13:58:37.427: CRYPTO_PKI: unable to build cert attributes list

Labels:
0 Helpful
2 Replies 2

Mark Elsen
Hall of Fame
Hall of Fame

‎08-11-2025 09:09 AM



  - @central-infobahnadmin                 FYI :  https://bst.cisco.com/bugsearch/bug/CSCvo31846?rfs=qvred

  M.



-- Let everything happen to you  
       Beauty and terror
      Just keep going    
       No feeling is final
Reiner Maria Rilke (1899)
0 Helpful

MHM Cisco World
VIP
VIP

‎08-11-2025 10:36 AM

show crypto pki trustpoints
show crypto pki certificates ITC-ROOT-CA
show crypto key mypubkey rsa

Share above 

And share trustpoint config 

MHM

0 Helpful
Customers Also Viewed These Support Documents