PKI: Query mode

Unanswered Question
Jan 31st, 2008
Hi.


I tried to implement Query mode for obtaining certificates. The CA and client routers both run IOS 12.4(15)T1 and they have the following configurations:

CA

!
crypto pki server ca
 database level complete
 grant auto
 lifetime crl 1
 cdp-url http://172.20.90.91/ca.crl
 database url disk0:
!
crypto pki trustpoint ca
 ip-address GigabitEthernet0/0
 revocation-check crl
 rsakeypair ca
!
!
crypto pki certificate chain ca
 certificate ca 01
  308202F8 308201E0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  :
  8D6883B4 C9681095 9535861F D58417C6 1897DE8A 68A716FE D67B83FB
  quit
!


client

!
crypto pki trustpoint CA
 enrollment url http://172.20.90.91:80
 serial-number none
 ip-address none
 fingerprint FB2DF4C0A6242C392DAF9C6D811F32CE
 subject-name CN=ubc.test
 query certificate
 revocation-check crl
 rsakeypair UBC 768
!
!
crypto pki certificate chain CA
 certificate ca 01 query
  fingerprint FB2DF4C0A6242C392DAF9C6D811F32CE
 certificate 1A query
!


I successfully obtained root and identity certificates at the beginning. But when I reloaded the client it could not get its certificate.

Can anybody give me some light - what did I miss?


With best regards,

Maxim

Maxim Zimovets Mon, 02/04/2008 - 20:20

No. Clocks are fine. Both routers are synced to one time source.


Is there anything else I have to check?


Maxim
