Hi Guys,
I am trying to save the CA certificate generated by the router on the tftp
server.
The first couple of steps work fine and I see 2 files (.pub and .prv) on my
TFTP server. I can review both keys in note pad.
By the way this is all working thru ASA on tftp port 69.
But when I create "cry pki server NAME" and issue the command "no shut" I
get the following error that it cannot write .ser file to tftp server. Any
suggestion will help me get through this issue. I do not see any deny on the
ASA.
R2(cs-server)#database url tftp:
% Server database url was changed. You need to move the
% existing database to the new location.
R2(cs-server)#no shut
%Some server settings cannot be changed after CA certificate generation.
% Please enter a passphrase to protect the private key
% or type Return to exit
Password:
Re-enter password:
% There was a problem writing 'IOS-CA.ser' to certificate storage.
% Please verify storage accessibility
% and enable the server again.
R2(cs-server)#
Mar 1 02:20:04.403: %PKI-3-CS_CRIT_STORAGE: Critical certificate storage,
tftp:///IOS-CA.ser, is inaccessible, server disabled.
R2(cs-server)#
Blogs and organic groups at http://www.ccie.net
Received on Wed Dec 15 2010 - 21:46:14 ART
This archive was generated by hypermail 2.2.0 : Sat Jan 01 2011 - 09:37:49 ART