certificate verify failed, certificate is not yet valid, could not perform CA authentication

MDS1(config)# ip domain-name iementor.com Next generate the crypto key pair:

MDS1(config)# crypto key generate rsa exportable modulus 512 Create the trustpoint

MDS1(config)# crypto ca trustpoint MGMT-CAMDS1(config-trustpoint)# enrollment terminalMDS1(config-trustpoint)# rsakeypair MDS1.iementor.comMDS1(config-trustpoint)# exit You should have a stand-alone root CA configured. On your root CA you need to grab the CA's certificate in Base64 encoded text to use in the next step. Here is where you may get the error:

MDS1(config)# crypto ca authenticate MGMT-CAinput (cut & paste) CA certificate (chain) in PEM format;end the input with a line containing only END OF INPUT :-----BEGIN CERTIFICATE-----MIIDYDCCAkigAwIBAgIQHuXV+nDo9qdMaPNodwwjpzANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhpZW1lbnRvcjAeFw0xMDA3MjQxNjU1NDBaFw0xNTA3MjQxNzA0MTBaMBMxETAPBgNVBAMTCGllbWVudG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA28P8JDgKrB95KqqMejIy27GgmNPX3e1wZ1KuQLfj+OwO29C0G7bGmP3EFA3gRvtk05LJYp2ubR+tPHpTr2XxKuN7c8QyQgPIZnWZSekR71cBjVHoVcau3zhHR0zYIQIwr40Zz/q8G+FccCtriGbk+EtS+/KRgS2iiiyj5XnIZiW91nCPHgMqjsW+4jxaJ0d3aRy9gJeonwnsqEatks8j0DMven946UeSWhRLfzwcnf01DjXKx5dhHAmJDW2uxpqKTNxThvcjKluegIj073IS3w6gQiwcWodmt0rQt7jhCKNglFWSdr+GLiSuYpwcNdcF2zjbwh6HGmh1NIQ5so1dlwIDAQABo4GvMIGsMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBRLODulwpFIMHazwYaUL3HfVC21YzBbBgNVHR8EVDBSMFCgTqBMhiNodHRwOi8vbWdtdC9DZXJ0RW5yb2xsL2llbWVudG9yLmNybIYlZmlsZTovL1xcbWdtdFxDZXJ0RW5yb2xsXGllbWVudG9yLmNybDAQBgkrBgEEAYI3FQEEAwIBADANBgkqhkiG9w0BAQUFAAOCAQEAH5CHgL8hE7ftAQnO+bPd5l01ewblymP39sKsT3T4SkRBurh7U4Sl1zCd5nqn8jeRbaFvp870KE3uOWtZPMu9ARjKfhDQGzlPaERaOZMkrHVHRkhLg71x99YBFpAlFLQxcISqp+mFRQzo9vZPqW68Ll9AWGKl53We02Gy2W/wRoi+8O2cc6bUs5PrrpI8Qe2hHzSPxkUTgAiln/fp4SlA+pzfU2hyGnCmYR/oTrgYsliogd0HlzDZirGMA6rKjxSykxgmyMJ9yeB1cj3qr2Hkzdg6LKYrZjgtVQXO2c7iNZWye4jJ3FQ0Dj0y7vNXHQGxkmghQMBM3GzcAUdQ3Q2Jgg==-----END CERTIFICATE-----END OF INPUTcertificate verify failedcertificate is not yet validcould not perform CA authentication The most likely reason for this error is that the clocks on the two systems are not synchronized. Certificates are time based and valid for a specific period of time, so its important the clocks are in sync. Simply make sure the CA Server's clock is using the same NTP time source as the MDS. You will then need to go into Certificate Services on Windows and re-issue the certificate, download it once again, and paste it in:

MDS1(config)# crypto ca authenticate MGMT-CAinput (cut & paste) CA certificate (chain) in PEM format;end the input with a line containing only END OF INPUT :-----BEGIN CERTIFICATE-----MIIDjTCCAnWgAwIBAgIQGNP7YFhq9J1ApFuEkLEdkzANBgkqhkiG9w0BAQUFADATMREwDwYDVQQDEwhpZW1lbnRvcjAeFw0xMDA3MjQxNjQ3NDRaFw0xNTA3MjQxNzA1MTBaMBMxETAPBgNVBAMTCGllbWVudG9yMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAyJRmthcHHUpPAoCyNMN3wRCDG5yrhWm3ZKKYIQmwEkUt6AeGBngv7SLMs1jrsO7rvF3yU99b8aMaR99/m/7iZfQTEW16GETkupOwYg+a23+RXIOcfrZh6lB62ZnVqErC0aOoYjZm29+6APzmCSziCoPeJgNV/VplT5kETiiB8ARmeBKMmcIPydThNo6MQjevAg9na5RDy3T0vX8aUzKfh8pq51JqUtecJvRCfp5N3bwcnoH4qyUaL0gMgOGvWy52EpC27BEXCyiG6UpaMFudxDJvmPI7bV0dIm4bcUT5C+YjT4hIeifqt3aXOaJyv4cgrPoudfs9uT+/gzJPxHbU/QIDAQABo4HcMIHZMAsGA1UdDwQEAwIBhjAPBgNVHRMBAf8EBTADAQH/MB0GA1UdDgQWBBQqvkFwz9GQUhuBAuye6gFPWb5c5jBhBgNVHR8EWjBYMFagVKBShiZodHRwOi8vbWdtdC9DZXJ0RW5yb2xsL2llbWVudG9yKDEpLmNybIYoZmlsZTovL1xcbWdtdFxDZXJ0RW5yb2xsXGllbWVudG9yKDEpLmNybDASBgkrBgEEAYI3FQEEBQIDAQABMCMGCSsGAQQBgjcVAgQWBBShQeqSYRzxZvHmz7OqiQsBPmkv6jANBgkqhkiG9w0BAQUFAAOCAQEAK4TG5nO1WWyo/FXkR8s4mWPcSFXybOc4b+SFD5JsLv5aXwpuZ7NlLNw9DpKG1HFfaqSlgDuCdQu2T8ATG1UmG5ph+3WwXu0DV3GewpRVdfLtKXySeHdGSnEeg5YB5y7uSimfK4FgzReDRHQv5WMntk6UCDXr9bCQ10t/oxqe5o3Xgo6SzF2GToV4NjpmJFxcQIRsZfAJAFriB7JsK5TeiVyyQOX749cKAFi3+8XlIcqXtnqNivK2Lm7AgMtxusu3nGypT7VJzLajOe5iRzuc6KQJOE0JNZNEvhLu9Hg/HniDjUW8kZ8e1XtcsvW6gqOEclBEfHbCJvq39cZEFXmLZQ==-----END CERTIFICATE-----END OF INPUTFingerprint(s): MD5 Fingerprint=AA:3A:3D:28:95:99:C7:66:D4:D7:FA:7B:2C:60:C4:63Do you accept this certificate? :yesMDS1(config)#