ISAKMP / IKE: Router cert not found

Discussion in 'Cisco' started by jt, May 16, 2004.

  1. jt

    jt Guest

    Dear all,
    ----------------------------------

    perhaps someone out there can point me in the right direction.
    I have a 800 box whose CA setup was switched and whose certs were renewed.
    Everything
    releated to enrollment ( M$ CA on W2K SP4 , Standalone ) went just fine, but
    whilst trying to
    switch it live, IKE negotiation bounced with :

    May 16 17:40:06.051: ISAKMP (0:1): can't find router cert for signature!
    May 16 17:40:06.051: ISAKMP (1): issuer name is not a trusted root.
    May 16 17:46:14.291: ISAKMP (0:1): no valid cert found to return

    The CA is named identical on both units ond all three certs are available on
    either side.
    The private RSA key pairs are available, too and of 512' size


    CA Certificate
    Status: Available
    Certificate Serial Number: 542FAA4CD2C892B944CBC3129DAB200F
    Certificate Usage: General Purpose

    RA KeyEncipher Certificate
    Status: Available
    Certificate Serial Number: 172AE25100000000000F
    Certificate Usage: Encryption

    RA Signature Certificate
    Status: Available
    Certificate Serial Number: 172AE10700000000000E
    Certificate Usage: Signature
    Issuer:

    Greets

    jt
     
    jt, May 16, 2004
    #1
    1. Advertisements

  2. jt

    jt Guest

    I forgot to mention that the head-end device was also switched and enrolled
    with the new CA, of course.
     
    jt, May 16, 2004
    #2
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.