Unable to get router cert or router does not have a cert: needed to find DN
While testing IPsec with a Microsoft server as the Certification Authority (CA), we encountered problems, and “debug crypto isakmp” showed us a bunch of details. One very particular message was “Unable to get router cert or router does not have a cert: needed to find DN!”. After much googling, we found out the hard way that the Microsoft Certification Authority server requires certificate requests to be issued manually. This can be changed so that they are issued automatically. You can verify the problem by issuing “show crypto pki trustpoint status” on the routers; you will see “Certificate request(s) ….. Pending”.
Head to the Microsoft Certification Authority server:
1. Go to Start > Administrative Tools > Certification Authority
2. Right-click on the server name > Properties
3. Policy Module tab > Properties
4. Select “Follow the settings in the certificate template, if applicable. Otherwise, automatically issue the certificate.”
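To run the “show crypto pki trustpoint status” check across several trustpoints or routers, the saved output can be parsed for requests still waiting at the CA. This is an added example, not from the original post: the sample output is constructed, and its layout beyond the “Certificate request(s) ….. Pending” line quoted above is an assumption.

```python
import re

# Constructed sample of "show crypto pki trustpoint status" output for two
# trustpoints. Names and layout are illustrative, not captured from a device.
SAMPLE_OUTPUT = """\
Trustpoint MS-CA:
  Issuing CA certificate configured:
    Subject Name:
     cn=lab-ca,dc=example,dc=com
  State:
    Keys generated ............. Yes (General Purpose, non-exportable)
    Issuing CA authenticated ....... Yes
    Certificate request(s) ..... Pending
Trustpoint BACKUP-CA:
  State:
    Keys generated ............. Yes (General Purpose, non-exportable)
    Issuing CA authenticated ....... Yes
    Certificate request(s) ..... Yes
"""

HEADER = re.compile(r"^Trustpoint\s+(\S+):\s*$")
# "label ..... value"; also accepts the typographic ellipsis seen in pasted output.
STATE = re.compile(r"^\s*(.+?)\s*[.\u2026]{2,}\s*(.+?)\s*$")


def parse_trustpoint_status(text):
    """Return {trustpoint name: {state label: value}} from the command output."""
    result, current = {}, None
    for line in text.splitlines():
        header = HEADER.match(line)
        if header:
            current = result.setdefault(header.group(1), {})
            continue
        state = STATE.match(line)
        if state and current is not None:
            current[state.group(1)] = state.group(2)
    return result


def pending_trustpoints(text):
    """Names of trustpoints whose enrollment request is still pending at the CA."""
    return [name for name, state in parse_trustpoint_status(text).items()
            if state.get("Certificate request(s)", "").lower().startswith("pending")]


if __name__ == "__main__":
    for name in pending_trustpoints(SAMPLE_OUTPUT):
        print(f"{name}: certificate request is pending at the CA")
```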
I'm Loy and welcome to my blog. I'm an IT engineer who spends a lot of time tinkering with technology, while away from work I enjoy capturing the moments and enjoying God's greatest gift - Appetite. Hope you find the information here useful or entertaining. Feel free to give feedback about my blogs or give a shoutout.