Error alert:
DTLS-3-HANDSHAKE_FAILURE: Switch 1 R0/0: wcm: Failed to complete DTLS handshake with peer 10.x.x.x for AP hhhh.hhhh.hhhh Reason: certificate verify failed
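Cause:
The factory-installed (manufacturing) certificate on the 1142 AP has expired, so the AP cannot establish a connection with the 3650.
Resolution: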
crypto pki certificate map map1 1
 issuer-name co cisco manufacturing ca
crypto pki trustpool policy
 revocation-check none
 match certificate map1 allow expired-certificate
Verification:
show crypto pki trustpool policy
Trustpool Policy
Chain validation will stop at the first CA certificate in the pool
Trustpool CA certificates will expire 07:59:59 Beijing Aug 3 2028
Trustpool revocation checking is disabled:
Certificate matching is disabled
Policy Overrides:
map: map1
match: issuer-name co cisco manufacturing ca
action: allow expired certificates
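An added example, not part of the original note: a Python check that parses the `show crypto pki trustpool policy` output shown above and reports which validation checks the workaround relaxes, and whether the expired-certificate override is limited to the manufacturing CA issuer map. The function names are hypothetical, and the output format is assumed to match the sample on this page.

```python
import re

# Output copied from the verification step on this page.
SAMPLE = """\
Trustpool Policy
Chain validation will stop at the first CA certificate in the pool
Trustpool CA certificates will expire 07:59:59 Beijing Aug 3 2028
Trustpool revocation checking is disabled:
Certificate matching is disabled
Policy Overrides:
map: map1
match: issuer-name co cisco manufacturing ca
action: allow expired certificates
"""

def parse_trustpool_policy(text):
    """Return the revocation state and the list of per-map policy overrides."""
    policy = {"revocation_checking": None, "overrides": []}
    current = None
    for raw in text.splitlines():
        line = raw.strip()  # tolerate indented device output
        m = re.match(r"Trustpool revocation checking is (\w+)", line)
        if m:
            policy["revocation_checking"] = m.group(1)
        elif line.startswith("map:"):
            current = {"map": line.split(":", 1)[1].strip(), "match": [], "action": None}
            policy["overrides"].append(current)
        elif current is not None and line.startswith("match:"):
            current["match"].append(line.split(":", 1)[1].strip())
        elif current is not None and line.startswith("action:"):
            current["action"] = line.split(":", 1)[1].strip()
    return policy

def audit(policy, expected_issuer="cisco manufacturing ca"):
    """List relaxed checks and flag overrides not scoped to the expected issuer."""
    findings = []
    if policy["revocation_checking"] == "disabled":
        findings.append("revocation checking disabled for the whole trustpool")
    for o in policy["overrides"]:
        if o["action"] == "allow expired certificates":
            scoped = any(m.lower() == f"issuer-name co {expected_issuer}" for m in o["match"])
            findings.append(f"map {o['map']}: expired certificates accepted "
                            f"({'scoped to issuer' if scoped else 'NOT scoped to expected issuer'})")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_trustpool_policy(SAMPLE)):
        print(finding)
```

Run against saved output from each controller, this gives a quick inventory of where the expired-certificate exception is still in place once the affected APs have been replaced or re-certified.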
References: