Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
18198
Views
21
Helpful
4
Replies

Can't generate the self-signed cert for the Anyconnect VPN

Go to solution
Difan Zhao
Level 5
Level 5

‎01-07-2020 01:51 PM

I am playing with the anyconnect vpn on my spare 2921 router. When I follow the instruction to create a trustpoint and enroll a self-signed cert, I got this error:

crypto pki trustpoint my-trustpoint
 enrollment selfsigned
 subject-name CN=anyconnect.pason.com
 rsakeypair my-rsa-keys
!
(config)#crypto pki enroll my-trustpoint
% Include the router serial number in the subject name? [yes/no]: yes
% Include an IP address in the subject name? [no]: no
Generate Self Signed Router Certificate? [yes/no]: yes
% Attempt to request a certificate failed: status = FAIL

As a troubleshooting step, I tried to enable the HTTP secure server, I also got this error

anyconnect(config)#ip http secure-server
Failed to generate persistent self-signed certificate.
    Secure server will use temporary self-signed certificate.

Any idea why? Is it because I don't have a license? Thanks!

9 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions
4 Replies 4

Go to solution
Difan Zhao
Level 5
Level 5
In response to Karsten Iwen

‎01-08-2020 08:46 AM - edited ‎01-08-2020 08:52 AM

Hi Karstan, yes I do -  Version 16.6.6

I have also tried to factory reset the router and configured the pki the first thing and I still got the same error...

I will read your link. Thanks for that.

 

Hi Karsten, I apologize for replying without reading your link... I did not know there was a bug. I thought you just asked a general question. I will upgrade to the latest and try again. Thanks!

0 Helpful

Go to solution
Difan Zhao
Level 5
Level 5
In response to Karsten Iwen

‎01-08-2020 09:25 AM

Thank you Karsten, the upgrade fixed the problem.

0 Helpful

Go to solution
醉清风
Level 1
Level 1
In response to Karsten Iwen

‎03-10-2020 01:24 AM

This's cool. thank you very mush. the link take me solved the question(https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215118-ios-self-signed-certificate-expiration-o.html).

In my opinion,If the time can return to before January 1, 2020,the problem may be solved. so I set router time to January 1, 2019(clock set 15:00:00 Ian 1 2019) ,it is a wonder that I guess right. 

Customers Also Viewed These Support Documents