I am stuck with this issue for the last 2 days now . Everything looks configured here , I configured a router to be CA server . I used another IOS device to get CA from it and it works very fine with NTP setup along with timezones . However when I do it with a Cisco VPN Client software it says
Error 42 : Unable to create certificate enrollment request .
Clock and Timezone perfectly matches the CA server . The URL i tried was http://ip_address/cgi-bin/pkiclient.exe . . The VPN Client is 5.x . I did some debugs crypto pki trans and got following messeges there
Oct 7 03:41:02.255: ../cert-c/source/p7encryp.c(368) : E_DATA : generic data error
Oct 7 03:41:02.259: ../cert-c/source/p7spprt.c(2030) : E_INPUT_DATA : invalid encoding format for input data
Below are some show commands :
Rack1R3#sh crypto pki certificates
CA Certificate
Status: Available
Certificate Serial Number: 0x1
Certificate Usage: Signature
Issuer:
cn=cisco
Subject:
cn=cisco
Validity Date:
start date: 08:34:27 KHI Oct 7 2011
end date: 08:34:27 KHI Oct 6 2014
Associated Trustpoints: cisco
Rack1R3#sh crypto pki server
Certificate Server cisco:
Status: enabled
State: enabled
Server's configuration is locked (enter "shut" to unlock it)
Issuer name: CN=cisco
CA cert fingerprint: 71314758 587A132C A4527FC1 1F80B73B
Granting mode is: auto
Last certificate issued serial number: 0x2
CA certificate expiration timer: 08:34:27 KHI Oct 6 2014
CRL NextUpdate timer: 14:34:28 KHI Oct 7 2011
Current primary storage dir: nvram:
Database Level: Minimum - no cert data written to storage