Symptom
1) The CA server is not working after a reload.
2) The following log message can be seen: %PKI-2-CS_CERT_NOT_PRESENT: Certificate server certificate not present.
3) The server is disabled; the status shows "Wait for CA certificate availability".
show crypto pki server:
Certificate Server WLC_CA:
Status: disabled, Wait for CA certificate availability <<< the status is disabled
State: check failed
Server's configuration is locked (enter "shut" to unlock it)
Issuer name:
CA cert fingerprint:
Granting mode is: auto
Last certificate issued serial number (hex): 0
CA certificate expiration timer: 09:00:00 JST Jan 1 1970
CRL not present.
Current primary storage dir: nvram:
Database Level: Minimum - no cert data written to storage
Redundancy configured. This is active.
4) The CA certificate is not present in the running-configuration; however, RSA keys are not lost.
Conditions
The issue has been found for:
Hardware: VM // C9800-CL
Software: 16.12.4a
Workaround
Remove the CA server "crypto pki server" and "crypto pki trustpoint" configurations and configure the CA server again.
Further Problem Description
The issue was found and reproduced in the HA setup (redundancy SSO).
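A monitoring check for the symptoms listed above, as an added example that is not part of the original bug description or any Cisco tooling. It assumes the `show crypto pki server` output and syslog lines have already been collected as text; the function names and indicator labels are hypothetical, and the epoch test matches the date exactly as it appears on this page.

```python
import re

# Constructed sample: the "show crypto pki server" output from the Symptom
# section above (annotation removed), plus the syslog line the page quotes.
SAMPLE_SHOW = """\
Certificate Server WLC_CA:
Status: disabled, Wait for CA certificate availability
State: check failed
Issuer name:
CA cert fingerprint:
Granting mode is: auto
Last certificate issued serial number (hex): 0
CA certificate expiration timer: 09:00:00 JST Jan 1 1970
CRL not present.
"""
SAMPLE_LOGS = ["%PKI-2-CS_CERT_NOT_PRESENT: Certificate server certificate not present."]

def parse_show(text):
    """Split 'Key: value' lines into a dict with lower-cased keys."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if sep:
            fields[key.strip().lower()] = value.strip()
    return fields

def missing_ca_cert_indicators(show_text, log_lines=()):
    """Return the symptoms from this page that the collected output exhibits."""
    f = parse_show(show_text)
    status = f.get("status", "").lower()
    hits = []
    if status.startswith("disabled"):
        hits.append("server disabled")
    if "wait for ca certificate availability" in status:
        hits.append("waiting for CA certificate")
    if f.get("state", "").lower() == "check failed":
        hits.append("state check failed")
    # An empty value only counts when the field is present in the output.
    for key in ("issuer name", "ca cert fingerprint"):
        if f.get(key) == "":
            hits.append("empty " + key)
    if re.search(r"\bJan\s+1\s+1970\b", f.get("ca certificate expiration timer", "")):
        hits.append("expiration timer at epoch")
    if any("%PKI-2-CS_CERT_NOT_PRESENT" in line for line in log_lines):
        hits.append("CS_CERT_NOT_PRESENT logged")
    return hits

if __name__ == "__main__":
    for hit in missing_ca_cert_indicators(SAMPLE_SHOW, SAMPLE_LOGS):
        print("indicator:", hit)
```

Running the check after each reload or SSO switchover flags the condition before enrollment requests start failing.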