
VPN bad certificate issue

h.dam
Level 1

Hi all,

We have VPN IPSec tunnels on Cisco routers between Remote/Central sites. I'd like to replace the old 2811 with 29xx on the remote sites.

So I did export/import RSA key for the certificate as follows:

On 2811:

# crypto pki export xxx pkcs12 terminal xxx

On 29xx:

# crypto pki import xxx pkcs12 terminal xxx

But the IPSec tunnel didn't go up, it stayed in MM mode giving "Bad certificate" message in the log.

I checked and compared the RSA key and certificate between these routers; they are the same in characters.

Do you have any idea? Where is the problem?

Thanks for your answer.

Regards,

hdam

1 Reply

Marcin Latosiewicz
Cisco Employee

Could be a CRL download problem.

See what the router will tell you with a bit of debugging.

debug crypt pki m

debug cry pki t

debug cry pki v