
PKI: Query mode

Maxim Zimovets
Level 1

Hi.

I tried to implement Query mode for obtaining certificates. The CA and client routers both run IOS 12.4(15)T1 and they have the following configurations:

CA

!
crypto pki server ca
 database level complete
 grant auto
 lifetime crl 1
 cdp-url http://172.20.90.91/ca.crl
 database url disk0:
!
crypto pki trustpoint ca
 ip-address GigabitEthernet0/0
 revocation-check crl
 rsakeypair ca
!
!
crypto pki certificate chain ca
 certificate ca 01
  308202F8 308201E0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  :
  8D6883B4 C9681095 9535861F D58417C6 1897DE8A 68A716FE D67B83FB
  quit
!

client

!
crypto pki trustpoint CA
 enrollment url http://172.20.90.91:80
 serial-number none
 ip-address none
 fingerprint FB2DF4C0A6242C392DAF9C6D811F32CE
 subject-name CN=ubc.test
 query certificate
 revocation-check crl
 rsakeypair UBC 768
!
!
crypto pki certificate chain CA
 certificate ca 01 query
  fingerprint FB2DF4C0A6242C392DAF9C6D811F32CE
 certificate 1A query
!

I successfully obtained the root and identity certificates at the beginning. But when I reloaded the client, it could not get its certificate.

Can anybody give me some light - what did I miss?

With best regards,

Maxim

2 Replies

f.aoun
Level 1

Clock?

No. Clocks are fine. Both routers are synced to one time source.

Is there anything else I have to check?

Maxim
