01-31-2008 10:46 PM - edited 03-09-2019 08:01 PM
Hi.
I tried to implement Query mode for obtaining certificates. The CA and client routers both run IOS 12.4(15)T1 and they have the following configurations:
CA
!
crypto pki server ca
 database level complete
 grant auto
 lifetime crl 1
 cdp-url http://172.20.90.91/ca.crl
 database url disk0:
!
crypto pki trustpoint ca
 ip-address GigabitEthernet0/0
 revocation-check crl
 rsakeypair ca
!
!
crypto pki certificate chain ca
 certificate ca 01
  308202F8 308201E0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  :
  8D6883B4 C9681095 9535861F D58417C6 1897DE8A 68A716FE D67B83FB
  quit
!
client
!
crypto pki trustpoint CA
 enrollment url http://172.20.90.91:80
 serial-number none
 ip-address none
 fingerprint FB2DF4C0A6242C392DAF9C6D811F32CE
 subject-name CN=ubc.test
 query certificate
 revocation-check crl
 rsakeypair UBC 768
!
!
crypto pki certificate chain CA
 certificate ca 01 query
 fingerprint FB2DF4C0A6242C392DAF9C6D811F32CE
 certificate 1A query
!
I successfully obtained root and identity certificates at the beginning. But when I reloaded the client it could not get its certificate.
Can anybody give me some light - what did I miss?
With best regards,
Maxim
02-01-2008 06:50 AM
Clock?
02-04-2008 08:20 PM
No. Clocks are fine. Both routers are synced to one time source.
Is there anything else I have to check?
Maxim