08-25-2023 08:27 AM
Hi,
We are using Cisco ISR4431. we want to establish certificate based authentication IPsec tunnel with 3rdparty company. CA server is in 3rdparty infra. we don't have direct reachability to their server. We are doing exchange of certificates manually.
What we did so far I explaining.
3rdparty share their root, Issuing and immediate certificate with us. We installed root, Issuing and immediate certificate in our router successfully and generate CSR and share that CSR with 3rdparty. 3rdparty gave us certificate against that CSR but when we importing that certificate in our cisco router we are getting below error
%failed to parse or verify imported certificate
Can any one help what is the problem or how we can resolve this
08-25-2023 08:31 AM
@may272007 did you generate the CSR from the router itself? Using crypto pki enroll <TRUSTPOINT_NAME> then to import the signed CSR run crypto pki import <TRUSTPOINT_NAME> certificate?
08-25-2023 07:11 PM
@may272007 did you generate the CSR from the router itself? Using crypto pki enroll <TRUSTPOINT_NAME> then to import the signed CSR run crypto pki import <TRUSTPOINT_NAME> certificate? Yes
08-25-2023 07:23 PM
08-29-2023 12:07 AM
Can Any help to answer
08-30-2023 01:51 PM
What do these debugs say when you try to import the signed certificate?
deb cry pki transactions
deb cry pki messages
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide