Introduction
This document describes how to solve the problem that occurs when connectivity to Smart Licensing server can not be established via HTTPS on ASR 9000 series router.
Problem
Sometimes, when the connectivity to Cisco Smart Software Manager (CSSM) is established, HTTPS port 443 is reachable. However, it reports that Smart Licensing does not work with this error:
"RP/0/RSP0/CPU0:Aug 14 12:57:51.562 UTC: smartlicserver[135]: %LICENSE-SMART_LIC-3-AGENT_REG_FAILED : Smart Agent for Licensing Registration with Cisco licensing cloud failed: Fail to send out Call Home HTTP message"
Generally, this issue is related with the fact that ASR 9000 router is not able to check on the Certificate Revocation List (CRL) server if the server's certificate used in order to establish HTTPS connection is valid or revoked.
Usually, access for ASR 9000 router is provided only to CSSM or to satellite CSSM that is in internal network. CRL server is outside of the internal network and in order for it to be reachable you need to grant access for ASR 9000 router on their security firewall.
Solution
There are two solutions:
- Grant access to the ASR9K router to reach CRL server outside the internal network
- Configure CRL check with this command
(config)# crypto ca trustpool policy
(config-trustpool)#crl optional
Feedback