01-07-2020 01:51 PM
I am playing with the anyconnect vpn on my spare 2921 router. When I follow the instruction to create a trustpoint and enroll a self-signed cert, I got this error:
crypto pki trustpoint my-trustpoint enrollment selfsigned subject-name CN=anyconnect.pason.com rsakeypair my-rsa-keys ! (config)#crypto pki enroll my-trustpoint % Include the router serial number in the subject name? [yes/no]: yes % Include an IP address in the subject name? [no]: no Generate Self Signed Router Certificate? [yes/no]: yes % Attempt to request a certificate failed: status = FAIL
As a troubleshooting step, I tried to enable the HTTP secure server, I also got this error
anyconnect(config)#ip http secure-server Failed to generate persistent self-signed certificate. Secure server will use temporary self-signed certificate.
Any idea why? Is it because I don't have a license? Thanks!
Solved! Go to Solution.
01-08-2020 12:47 AM
01-08-2020 12:47 AM
Do you have an up-to-date IOS-version?
01-08-2020 08:46 AM - edited 01-08-2020 08:52 AM
Hi Karstan, yes I do - Version 16.6.6
I have also tried to factory reset the router and configured the pki the first thing and I still got the same error...
I will read your link. Thanks for that.
Hi Karsten, I apologize for replying without reading your link... I did not know there was a bug. I thought you just asked a general question. I will upgrade to the latest and try again. Thanks!
01-08-2020 09:25 AM
Thank you Karsten, the upgrade fixed the problem.
03-10-2020 01:24 AM
This's cool. thank you very mush. the link take me solved the question(https://www.cisco.com/c/en/us/support/docs/security-vpn/public-key-infrastructure-pki/215118-ios-self-signed-certificate-expiration-o.html).
In my opinion,If the time can return to before January 1, 2020,the problem may be solved. so I set router time to January 1, 2019(clock set 15:00:00 Ian 1 2019) ,it is a wonder that I guess right.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide