asa ca enrollment

Unanswered Question

I want to authenticate my ipsec vpn client by using certificate. I am using asa5540 as ipsec vpn server. The first step I should do is create an trustpoint and authenticate it to ca. the trustpoint name is knasaca


when I execute the command


crypto ca authenticate knasaca


I have encountered the debug output below

crypto_ca_get_ca_certificate(17793220, 169d0a0)

crypto_pki_req(17793220, 11, ...)

Crypto CA thread wakes up!


CRYPTO_PKI: Sending CA Certificate Request:

GET /cgi-bin/pkiclient.exe?operation=GetCACert&message=knasaca HTTP/1.0


CRYPTO_PKI: http connection opened

CRYPTO_PKI: content dump count 75----------

CRYPTO_PKI: For function crypto_http_send

GET /cgi-bin/pkiclient.exe?operation=GetCACert&message=knasaca HTTP/1.0


CRYPTO_PKI: For function crypto_http_send

CRYPTO_PKI: content dump-------------------


ERROR: receiving Certificate Authority certificate: status = FAIL, cert length = 0

asavpn(config)#

CRYPTO_PKI: HTTP response header:

HTTP/1.1 404 Object Not Found

Server: Microsoft-IIS/5.0

Date: Thu, 19 Apr 2007 08:14:03 GMT

Content-Length: 4040

Content-Type: text/html


Content-Type indicates we did not receive a certificate.


CRYPTO_PKI: transaction GetCACert completedCrypto CA thread sleeps!



what can be the problem.

is there anyone who can send me the prosedure to accomplish fully ca configuration.


thanks in advance

Dogan


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
gmarogi Fri, 04/27/2007 - 04:59
User Badges:
  • Bronze, 100 points or more

This chapter describes how to configure certificates. CAs are responsible for managing certificate requests and issuing digital certificates. A digital certificate contains information that identifies a user or device. Some of this information can include a name, serial number, company, department, or IP address. A digital certificate also contains a copy of the public key for the user or device. A CA can be a trusted third party, such as VeriSign, or a private (in-house) CA that you establish within your organization.


http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/certs.htm

Actions

This Discussion