Common Troubleshooting Commands In The Cli; Digital Certificate Issues; Ca Will Not Generate Identity Certificate - Cisco 9134 - MDS Multilayer Fabric Switch Troubleshooting Manual

Digital Certificate Issues

S e n d d o c u m e n t a t i o n c o m m e n t s t o m d s f e e d b a c k - d o c @ c i s c o . c o m

Common Troubleshooting Commands in the CLI

The following commands may be useful in troubleshooting digital certificate issues:
•
•
•
•
Digital Certificate Issues
This section describes troubleshooting digital certificates and includes the following topics:
•
•
•
•
•

CA Will Not Generate Identity Certificate

Symptom
Table 24-2 CA Will Not Generate Identity Certificate
Symptom Possible Cause
CA will not generate FQDN is not configured.
an identity certificate.
Empty challenge password is specified. Specify a non-empty challenge password during
Cisco MDS 9000 Family Troubleshooting Guide, Release 3.x
24-4
show crypto ca certificates
show crypto key
show crypto ca crl
show crypto ca trustpoint
CA Will Not Generate Identity Certificate, page 24-4
Cannot Export Identity Certificate in PKCS#12 Format, page 24-5
Certificate Fails at Peer, page 24-5
PKI Fails After Reboot, page 24-10
Cannot Import Certificate and RSA Key Pairs from Backup, page 24-10
CA will not generate an identity certificate.
Chapter 24
Solution
Configure the host name and the IP domain name. Choose
Switches in Fabric Manager and set the LogicalName field
to the host name. Choose Switches > Interfaces >
Management > DNS and set the DefaultDomainName
field.
Or use the hostname and the ip domain-name CLI
commands.
enrollment.
Create exportable RSA keys. Choose Switches > Security
> PKI in Fabric Manager and click the Trustpoint Action
tab. Select certreq from the Command drop-down menu,
fill in the URL field and enter the challenge password in the
Password field. Click Apply Changes.
Or use the crypto ca enroll CLI command and enter a
challenge password during enrollment.
Troubleshooting Digital Certificates
OL-9285-05