certificate verify failed, certificate is not yet valid, could not perform CA authentication

MDS1(config)# ip domain-name iementor.com

Next generate the crypto key pair:

MDS1(config)# crypto key generate rsa exportable modulus 512

Create the trustpoint:

MDS1(config)# crypto ca trustpoint MGMT-CA
MDS1(config-trustpoint)# enrollment terminal
MDS1(config-trustpoint)# rsakeypair MDS1.iementor.com
MDS1(config-trustpoint)# exit

You should have a stand-alone root CA configured. On your root CA you need to grab the CA's certificate in Base64 encoded text to use in the next step. Here is where you may get the error:

MDS1(config)# crypto ca authenticate MGMT-CA
input (cut & paste) CA certificate (chain) in PEM format;
end the input with a line containing only END OF INPUT :
-----BEGIN CERTIFICATE-----
MIIDYDCCAkigAwIBAgIQHuXV+nDo9qdMaPNodwwjpzANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhpZW1lbnRvcjAeFw0xMDA3MjQxNjU1NDBaFw0xNTA3MjQxNzA0MTBaMBMxETAPBgNVBAMTCGllbWVudG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA28P8JDgKrB95KqqMejIy27GgmNPX3e1wZ1KuQLfj+OwO29C0G7bGmP3EFA3gRvtk05LJYp2ubR+tPHpTr2XxKuN7c8QyQgPIZnWZSekR71cBjVHoVcau3zhHR0zYIQIwr40Zz/q8G+FccCtriGbk+EtS+/KRgS2iiiyj5XnIZiW91nCPHgMqjsW+4jxaJ0d3aRy9gJeonwnsqEatks8j0DMven946UeSWhRLfzwcnf01DjXKx5dhHAmJDW2uxpqKTNxThvcjKluegIj073IS3w6gQiwcWodmt0rQt7jhCKNglFWSdr+GLiSuYpwcNdcF2zjbwh6HGmh1NIQ5so1dlwIDAQABo4GvMIGsMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRLODulwpFIMHazwYaUL3HfVC21YzBbBgNVHR8EVDBSMFCgTqBMhiNodHRwOi8vbWdtdC9DZXJ0RW5yb2xsL2llbWVudG9yLmNybIYlZmlsZTovL1xcbWdtdFxDZXJ0RW5yb2xsXGllbWVudG9yLmNybDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQUFAAOCAQEAH5CHgL8hE7ftAQnO+bPd5l01ewblymP39sKsT3T4SkRBurh7U4Sl1zCd5nqn8jeRbaFvp870KE3uOWtZPMu9ARjKfhDQGzlPaERaOZMkrHVHRkhLg71x99YBFpAlFLQxcISqp+mFRQzo9vZPqW68Ll9AWGKl53We02Gy2W/wRoi+8O2cc6bUs5PrrpI8Qe2hHzSPxkUTgAiln/fp4SlA+pzfU2hyGnCmYR/oTrgYsliogd0HlzDZirGMA6rKjxSykxgmyMJ9yeB1cj3qr2Hkzdg6LKYrZjgtVQXO2c7iNZWye4jJ3FQ0Dj0y7vNXHQGxkmghQMBM3GzcAUdQ3Q2Jgg==
-----END CERTIFICATE-----
END OF INPUT
certificate verify failed
certificate is not yet valid
could not perform CA authentication

The most likely reason for this error is that the clocks on the two systems are not synchronized. Certificates are time-based and valid for a specific period of time, so it's important the clocks are in sync. Simply make sure the CA Server's clock is using the same NTP time source as the MDS. You will then need to go into Certificate Services on Windows and re-issue the certificate, download it once again, and paste it in:

MDS1(config)# crypto ca authenticate MGMT-CA
input (cut & paste) CA certificate (chain) in PEM format;
end the input with a line containing only END OF INPUT :
-----BEGIN CERTIFICATE-----
MIIDjTCCAnWgAwIBAgIQGNP7YFhq9J1ApFuEkLEdkzANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhpZW1lbnRvcjAeFw0xMDA3MjQxNjQ3NDRaFw0xNTA3MjQxNzA1MTBaMBMxETAPBgNVBAMTCGllbWVudG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJRmthcHHUpPAoCyNMN3wRCDG5yrhWm3ZKKYIQmwEkUt6AeGBngv7SLMs1jrsO7rvF3yU99b8aMaR99/m/7iZfQTEW16GETkupOwYg+a23+RXIOcfrZh6lB62ZnVqErC0aOoYjZm29+6APzmCSziCoPeJgNV/VplT5kETiiB8ARmeBKMmcIPydThNo6MQjevAg9na5RDy3T0vX8aUzKfh8pq51JqUtecJvRCfp5N3bwcnoH4qyUaL0gMgOGvWy52EpC27BEXCyiG6UpaMFudxDJvmPI7bV0dIm4bcUT5C+YjT4hIeifqt3aXOaJyv4cgrPoudfs9uT+/gzJPxHbU/QIDAQABo4HcMIHZMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQqvkFwz9GQUhuBAuye6gFPWb5c5jBhBgNVHR8EWjBYMFagVKBShiZodHRwOi8vbWdtdC9DZXJ0RW5yb2xsL2llbWVudG9yKDEpLmNybIYoZmlsZTovL1xcbWdtdFxDZXJ0RW5yb2xsXGllbWVudG9yKDEpLmNybDASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBShQeqSYRzxZvHmz7OqiQsBPmkv6jANBgkqhkiG9w0BAQUFAAOCAQEAK4TG5nO1WWyo/FXkR8s4mWPcSFXybOc4b+SFD5JsLv5aXwpuZ7NlLNw9DpKG1HFfaqSlgDuCdQu2T8ATG1UmG5ph+3WwXu0DV3GewpRVdfLtKXySeHdGSnEeg5YB5y7uSimfK4FgzReDRHQv5WMntk6UCDXr9bCQ10t/oxqe5o3Xgo6SzF2GToV4NjpmJFxcQIRsZfAJAFriB7JsK5TeiVyyQOX749cKAFi3+8XlIcqXtnqNivK2Lm7AgMtxusu3nGypT7VJzLajOe5iRzuc6KQJOE0JNZNEvhLu9Hg/HniDjUW8kZ8e1XtcsvW6gqOEclBEfHbCJvq39cZEFXmLZQ==
-----END CERTIFICATE-----
END OF INPUT
Fingerprint(s): MD5 Fingerprint=AA:3A:3D:28:95:99:C7:66:D4:D7:FA:7B:2C:60:C4:63
Do you accept this certificate? :yes
MDS1(config)#
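
The "certificate is not yet valid" condition can be checked offline before pasting a certificate into the switch. The following is an added example, not part of the original post: standard-library Python that reads notBefore/notAfter from a PEM certificate and compares them with the clock of the device that will verify it. The function names and the hand-built sample (a DER skeleton with constructed timestamps, not a real certificate) are assumptions made for illustration.

```python
import base64, re
from datetime import datetime, timezone

def read_tlv(buf, pos):
    """Read one DER header at pos; return (tag, value_start, value_end)."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                          # long form: low 7 bits = number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def read_time(buf, pos):
    """Decode a UTCTime (0x17) or GeneralizedTime (0x18); return (datetime, next_pos)."""
    tag, start, end = read_tlv(buf, pos)
    text = buf[start:end].decode("ascii")
    if tag == 0x17:                            # two-digit year: 00-49 => 20xx, 50-99 => 19xx (RFC 5280)
        text = ("20" if int(text[:2]) < 50 else "19") + text
    return datetime.strptime(text, "%Y%m%d%H%M%SZ").replace(tzinfo=timezone.utc), end

def validity(pem):
    """Return (notBefore, notAfter) of the first certificate in a PEM string."""
    b64 = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S).group(1)
    der = base64.b64decode("".join(b64.split()))
    _, pos, _ = read_tlv(der, 0)               # Certificate SEQUENCE
    _, pos, _ = read_tlv(der, pos)             # tbsCertificate SEQUENCE
    tag, _, end = read_tlv(der, pos)
    if tag == 0xA0:                            # optional [0] version field
        pos = end
    for _ in range(3):                         # skip serialNumber, signature, issuer
        _, _, pos = read_tlv(der, pos)
    _, pos, _ = read_tlv(der, pos)             # validity SEQUENCE
    not_before, pos = read_time(der, pos)
    not_after, _ = read_time(der, pos)
    return not_before, not_after

def check(pem, device_clock):
    """Classify the certificate against the verifying device's clock; return (state, gap)."""
    not_before, not_after = validity(pem)
    if device_clock < not_before:
        return "not yet valid", not_before - device_clock
    if device_clock > not_after:
        return "expired", device_clock - not_after
    return "valid", not_after - device_clock

# Constructed sample: a DER skeleton (not a real certificate) holding only the fields walked above.
_enc = lambda tag, body: bytes([tag, len(body)]) + body
_tbs = (_enc(0xA0, _enc(0x02, b"\x02")) + _enc(0x02, b"\x01") + _enc(0x30, b"") + _enc(0x30, b"")
        + _enc(0x30, _enc(0x17, b"100724165540Z") + _enc(0x17, b"150724170410Z")))
SAMPLE_PEM = ("-----BEGIN CERTIFICATE-----\n"
              + base64.b64encode(_enc(0x30, _enc(0x30, _tbs))).decode()
              + "\n-----END CERTIFICATE-----\n")
```

Pass the switch's current time in UTC as `device_clock`; a "not yet valid" result reports how far the device clock is behind the certificate's notBefore.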