Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
634
Views
0
Helpful
2
Replies

question about a debug output (CA)

nvanhaute
Level 1
Level 1

‎06-26-2011 12:35 AM

hi all,

Since I upgraded some of my ISR 3825 by ISR G2 3925e (VPN env) IOS 15.1(4)M, I have this output in log each day :

CRYPTO_PKI: Failed to find ca req pool entry X

I use VPN with x509 certificates + CRL (ldap)

if you have an idea

Regards

Nicolas

Labels:
0 Helpful
2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

‎06-26-2011 04:01 AM

Nicolas,

Can I suggest to open up a TAC case? This check as far as I see was introduced in 15.x trains only.

To make things faster enable following debugs before the message is printed:

debug crypto pki mess
debug crypto pki trans
debug crypto pki valid
debug cry pki call

This could be a minor bug or some misconfig, hard to say without view of full config.

Marcin

0 Helpful

nvanhaute
Level 1
Level 1
In response to Marcin Latosiewicz

‎06-26-2011 04:58 AM

hi Marcin,

ok np, I will check with TAC in giving all debugs.

Thanks

Nicolas

0 Helpful
Customers Also Viewed These Support Documents