This chapter focuses on the steps you can use to troubleshoot a PKI-related problem. The intent is not to provide an exhaustive list of possible issues, but rather to teach you how to approach the problem and narrow down the possible failure cause. In some instances, assistance from Cisco TAC is ultimately be required, but by identifying failure points as precisely as possible, you might resolve issues without assistance.
This chapter is divided into three sections that map the lifetime of the certificate:
The examples are given for Cisco IOS-based devices but are applicable to other components such as Cisco ASA Firewalls.