Chapter 4. Troubleshooting

This chapter focuses on the steps you can use to troubleshoot a PKI-related problem. The intent is not to provide an exhaustive list of possible issues, but rather to teach you how to approach the problem and narrow down the possible failure cause. In some instances, assistance from Cisco TAC is ultimately be required, but by identifying failure points as precisely as possible, you might resolve issues without assistance.

This chapter is divided into three sections that map the lifetime of the certificate:

Keying Material Generation

Enrollment Process

Certificate Use and Validation

The examples are given for Cisco IOS-based devices but are applicable to other components such as Cisco ASA Firewalls.

Keying Material ...

Get PKI Uncovered: Certificate-Based Security Solutions for Next-Generation Networks now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.