Symptom
.p12 rollover certificate may not be generated on SubCA. The issue is intermittent.
Conditions
1) IOS Router configured as SubCA
2) Database archive configured to generate PKCS#12
3) Shadow certificate granted by the RootCA to SubCA
crypto pki server
mode sub-cs
database url p12 ...
Further Problem Description
PKI log messages does not show the issue.
Jun 14 21:15:18.321: %PKI-6-CS_ROLLOVER_AVAILABLE: [Sub/RA]CS Rollover certificate has been generated for ,and it will be activated at
Jun 14 21:15:18.325: %PKI-4-NOSHADOWAUTOSAVE: Configuration was modified. Issue "write memory" to save new IOS CA certificate
Jun 14 21:15:18.326: %PKI-4-NOAUTOSAVE: Configuration was modified. Issue "write memory" to save new certificate
