- After upgrading (reinstalling) from EM 1.2 version to 1.3 have tried to deploy IWAN with 2 remote Sites and 2 Service Provider (DCs) and have no problems deploying HUB site but had an issue with TRANIST-HUB-1 with these error:
*Oct 27 13:08:25.251 GMT: CRYPTO_PKI: status = 0x747(E_EOS : end of i/o stream): Imported PKCS12 file failure
*Oct 27 13:08:25.251 GMT: %PKI-6-PKCS12IMPORT_FAIL: PKCS #12 Import Failed.
Underlay and Overlay configuration in site TRANSIT-HUB-1 failed. PKI configuration failed for device 10.X.X.1
- Failed to download PKCS12
- had tested this topology before with version 1.2 and was working as expected.
So long as the correct configuration is pushed from apic-em-pki-broker service through apic-em-network-programmer on behalf of iWAN Manager (visibility-service), the actual download of PKCS12 certs would depend on routing and firewalling etc. between the actual device and APIC-EM controller.
Please sign in to leave a comment.