Send documentation comments to mdsfeedback-doc@cisco.com
24-4
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
OL-9285-05
Chapter 24 Troubleshooting Digital Certificates
Digital Certificate Issues
Common Troubleshooting Commands in the CLI
The following commands may be useful in troubleshooting digital certificate issues:
• show crypto ca certificates
• show crypto key
• show crypto ca crl
• show crypto ca trustpoint
Digital Certificate Issues
This section describes troubleshooting digital certificates and includes the following topics:
• CA Will Not Generate Identity Certificate, page 24-4
• Cannot Export Identity Certificate in PKCS#12 Format, page 24-5
• Certificate Fails at Peer, page 24-5
• PKI Fails After Reboot, page 24-10
• Cannot Import Certificate and RSA Key Pairs from Backup, page 24-10
CA Will Not Generate Identity Certificate
Symptom CA will not generate an identity certificate.
Table 24-2 CA Will Not Generate Identity Certificate
Symptom Possible Cause Solution
CA will not generate
an identity certificate.
FQDN is not configured. Configure the host name and the IP domain name. Choose
Switches in Fabric Manager and set the LogicalName field
to the host name. Choose Switches > Interfaces >
Management > DNS and set the DefaultDomainName
field.
Or use the hostname and the ip domain-name CLI
commands.
Empty challenge password is specified. Specify a non-empty challenge password during
enrollment.
Create exportable RSA keys. Choose Switches > Security
> PKI in Fabric Manager and click the Trustpoint Action
tab. Select certreq from the Command drop-down menu,
fill in the URL field and enter the challenge password in the
Password field. Click Apply Changes.
Or use the crypto ca enroll CLI command and enter a
challenge password during enrollment.
To Next Page
Loading...
Need help?
General