cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2912
Views
10
Helpful
5
Replies

config certificate and log issues

zhuo zhao
Level 1
Level 1

I config certificate and use it to connect ipsec vpn , I just config    

jinan-neusoft(config)#ip domain-name neusoft.com

jinan-neusoft(config)#crypto key generate rsa general-keys
The name for the keys will be: jinan-neusoft.neusoft.com
Choose the size of the key modulus in the range of 360 to 4096 for your
  General Purpose Keys. Choosing a key modulus greater than 512 may take
  a few minutes.

How many bits in the modulus [512]:
% Generating 512 bit RSA keys, keys will be non-exportable...
[OK] (elapsed time was 0 seconds)

jinan-neusoft(config)#
Nov 16 01:05:44.435:  RSA key size needs to be atleast 768 bits for ssh version 2
jinan-neusoft(config)#
Nov 16 01:05:44.435: %SSH-5-ENABLED: SSH 1.5 has been enabled

jinan-neusoft(config)#crypto pki trustpoint CA1

jinan-neusoft(ca-trustpoint)# enrollment url http://59.44.43.217:80

jinan-neusoft(ca-trustpoint)# revocation-check crl

jinan-neusoft(ca-trustpoint)# rsakeypair DMVPN-SY-KEY

jinan-neusoft(ca-trustpoint)# auto-enrol

jinan-neusoft(config)#crypto pki authenticate CA1
Certificate has the following attributes:
       Fingerprint MD5: D5F9D56B 4D9A4260 43F21D39 811D7AD5
      Fingerprint SHA1: 1E49B228 DD57F4DB 43DD2C2F 03870C18 840DA12A

% Do you accept this certificate? [yes/no]: y

Trustpoint CA certificate accepted.

then I have log issues like below ,even I config auto-enroll , I don t get  certificate pending information  from my certificate server ,

my device is C3925 and ios is c3900-universalk9-mz.SPA.151-4.M4.bin ,how to deal with it ,top players , THX~~~~

Nov 16 01:07:54.871: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1

Nov 16 01:07:54.951: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair

Nov 16 01:07:55.115: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F

Nov 16 01:07:55.115: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089

Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6

jinan-neusoft(config)#D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z

Nov 16 01:07:55.119: %SYS-2-MALLOCFAIL: Memory allocation of 40 bytes failed from 0x6D05DEC, alignment 0

Pool: Processor  Free: 731143916  Cause: Interrupt level allocation

Alternate Pool: None  Free: 0  Cause: Interrupt level allocation

-Process= "<interrupt level>", ipl= 3

-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z

Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z

jinan-neusoft(config)#

Nov 16 01:08:09.719: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1

Nov 16 01:08:09.879: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F

Nov 16 01:08:09.879: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089

jinan-neusoft(config)#

Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z

Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z

jinan-neusoft(config)# Nov 16 01:07:54.871: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
Nov 16 01:07:54.951: %CRYPTO-6-AUTOGEN: Generated new 512 bit key pair
Nov 16 01:07:55.115: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
Nov 16 01:07:55.115: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6
jinan-neusoft(config)#D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
Nov 16 01:07:55.119: %SYS-2-MALLOCFAIL: Memory allocation of 40 bytes failed from 0x6D05DEC, alignment 0
Pool: Processor  Free: 731143916  Cause: Interrupt level allocation
Alternate Pool: None  Free: 0  Cause: Interrupt level allocation
-Process= "<interrupt level>", ipl= 3
-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z
Nov 16 01:07:55.119: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
jinan-neusoft(config)#
Nov 16 01:08:09.719: %PKI-6-CERTRENEWAUTO: Renewing the router certificate for trustpoint CA1
Nov 16 01:08:09.879: CRYPTO_PKI:  Certificate Request Fingerprint MD5: 939AF8C1 854DDA90 8FE03058 5635468F
Nov 16 01:08:09.879: CRYPTO_PKI:  Certificate Request Fingerprint SHA1: 50F869D2 C0814317 7EB2ECC9 90461F3A 353E7089
jinan-neusoft(config)#
Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D43018z 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
Nov 16 01:08:09.883: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 4127784z
jinan-neusoft(config)#

1 Accepted Solution

Accepted Solutions

olpeleri
Cisco Employee
Cisco Employee

Hello,

I did'nt decode your traceback but it looks like a well known issue:

CSCty42626    RSA operations fail with '(malloc) at interrupt level' msg

Upgrade to at least

15.2(03)T01

15.1(04)M5

15.1(01)T05

15.2(04)M1

Cheers,

Olivier

View solution in original post

5 Replies 5

njerred
Level 1
Level 1

I do not have the answer but have exactly the same issue, looks as if it is a bug of some kind :

Cisco CISCO3945-CHASSIS (revision 1.0) with C3900-SPE150/K9 with 980992K/67584K bytes of memory.
Processor board ID FCZ163371P3
6 FastEthernet interfaces
3 Gigabit Ethernet interfaces
1 terminal line
1 Virtual Private Network (VPN) Module
DRAM configuration is 72 bits wide with parity enabled.
255K bytes of non-volatile configuration memory.
250880K bytes of ATA System CompactFlash 0 (Read/Write)

System image file is "flash0:c3900-universalk9-mz.SPA.151-4.M4.bin"

Nov 16 07:37:16.611: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 358FF778 7C2E66AE 895BF088 BF022442

.Nov 16 07:37:16.615: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 5F7A4300 20B62132 83D08C6E 2D315DF4 51EFE94D

.Nov 16 07:37:16.623: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level

-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 412

7784z

.Nov 16 07:37:16.623: %SYS-2-MALLOCFAIL: Memory allocation of 72 bytes failed from 0x6D05DEC, alignment 0

Pool: Processor  Free: 704933204  Cause: Interrupt level allocation

Alternate Pool: None  Free: 0  Cause: Interrupt level allocation

-Process= "", ipl= 3

-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4AC

B9F4z Nov 16 07:37:16.611: CRYPTO_PKI: Signature Certificate Request Fingerprint MD5: 358FF778 7C2E66AE 895BF088 BF022442
.Nov 16 07:37:16.615: CRYPTO_PKI: Signature Certificate Request Fingerprint SHA1: 5F7A4300 20B62132 83D08C6E 2D315DF4 51EFE94D
.Nov 16 07:37:16.623: %SYS-3-INVMEMINT: Invalid memory action (malloc) at interrupt level
-Traceback= 5564384z 68B3034z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4ACB9F4z 412
7784z
.Nov 16 07:37:16.623: %SYS-2-MALLOCFAIL: Memory allocation of 72 bytes failed from 0x6D05DEC, alignment 0
Pool: Processor  Free: 704933204  Cause: Interrupt level allocation
Alternate Pool: None  Free: 0  Cause: Interrupt level allocation
-Process= "", ipl= 3
-Traceback= 5564384z 6892328z 68B3064z 945A8D0z 6D05DF0z 6D05F70z 6D06B50z 6D07268z 6D4308Cz 6D25044z 6D1988Cz 6D4CCE0z 91F0154z 91F0CC4z 91F0DA4z 4AC
B9F4z

that is a ios bug , i have certain it in cisco.com

Memory Allocation Failure at Process = interrupt level

This situation can be identified by the process in the error message. If the process is listed as , as in the following example, then the memory allocation failure is being caused by a software problem.

"%SYS-2-MALLOCFAIL: Memory allocation of 68 bytes failed from 0x604CEF48, 
pool Processor, alignment 0-Process= , ipl= 3"

This is a Cisco Internet Operating System (IOS) bug. You can use the Bug Toolkit (registered customers only) to search for a matching software bug ID for this issue. Once the software bug has been identified, upgrade to a Cisco IOS software version that contains the fix to resolve the problem.

http://www.cisco.com/en/US/products/sw/iosswrel/ps1831/products_tech_note09186a00800a6f3a.shtml

thanks a lot ,  may i know how to search the bug information in cisco.com

olpeleri
Cisco Employee
Cisco Employee

Hello,

I did'nt decode your traceback but it looks like a well known issue:

CSCty42626    RSA operations fail with '(malloc) at interrupt level' msg

Upgrade to at least

15.2(03)T01

15.1(04)M5

15.1(01)T05

15.2(04)M1

Cheers,

Olivier

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: