Enroll Cert fails on IOS 12.4 from cisco pc client. What other products?

Unanswered Question
Aug 2nd, 2007
User Badges:

I've been really struggling with the pc certificate request/enrollment trying various versions of Cisco VPN CLient 4.6,4.8,5.0. I've tried every combination of scep and/or file binary/file base 64 without any promise of avoiding errors all leading me to believe a bad certificate was created.


I'm using Cisco's IOS 12.4(13b) as CA server and have tried to connect to both RA and CA.


Common enrollment error at router IOS:

--------------------------------------


Aug 2 16:10:10.910: CRYPTO_CS: received an enrollment request

Aug 2 16:10:10.918: E ../cert-c/source/certobj.c(691) : Error #705h

Aug 2 16:10:10.918: CRYPTO_CS: failed to set the cert object

Aug 2 16:10:21.888: CRYPTO_CS: Granting enrollment request 15

Aug 2 16:10:21.892: CRYPTO_CS: added CDP extension

Aug 2 16:10:21.892: CRYPTO_CS: added key usage extension

Aug 2 16:10:22.809: CRYPTO_CS: serial number 0x10 written.

Aug 2 16:10:22.914: CRYPTO_CS: reqID=15 granted, fingerprint=8D150C0D95F736A76D

92EED700924315




A client enroll error is:

-------------------------


1 10:58:49.362 08/02/07 Sev=Warning/3 CERT/0xA360000C

Certificate import failed - ImportMyCertAndKey: 1797


2 10:58:49.362 08/02/07 Sev=Warning/3 CERT/0xA360000C

Certificate import failed - ImportCertFromPkcs12File fail: 1797



I've attached a file of the run-time error from the IOS which is similar to the clients run-time below, but much more imformative:

-------------------------------------------------------


1 16:28:30.598 08/01/07 Sev=Warning/3 IKE/0xE3000081

Invalid remote certificate id: ID_FQDN: ID = vpn-end.gplops.org, Certificate = [NULL]


2 16:28:30.598 08/01/07 Sev=Warning/3 IKE/0xE3000058

The peer's certificate doesn't match Phase 1 ID


3 16:28:30.618 08/01/07 Sev=Warning/2 IKE/0xE30000A5

Unexpected SW error occurred while processing Identity Protection (Main Mode) negotiator:(Navigator:2202)



What other products are inexpensive yet dependable, because need a low cost approach to roll it out. Small shop, planned # of vpn users is less than 25.


Help...



  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
mchin345 Wed, 08/08/2007 - 17:57
User Badges:
  • Silver, 250 points or more

In order to reolve this issue, use up to 64 characters in the CN field as the CN field is currently limited to 64 characters only.

Actions

This Discussion