Hi, I'm wondering about the requirements for RA certificates to enroll with a Cisco VPN Client.
I'm using Cisco VPN Client 5.0 on Windows XP towards an EJBCA CA.
The CA is set up with a simple Root CA for SCEP.
If I enroll directly with the CA all works fine.
I have set up an RA, where the RA certificate is signed directly by the CA. My RA certificate has keyUsage digitalSignature and keyEncipherment and basicConstraints=false.
When I try to enroll with the RA I get this message:
41 11:29:28.890 02/08/08 Sev=Info/4 CERT/0x63600022
Setting key size of 2048 for pkcs10 request.
42 11:29:29.375 02/08/08 Sev=Warning/2 CERT/0xE3600016
Failure on: Locating RA Encryption Certificate.
The RA sends the RA and CA certificate to the VPN client with mime-type application/x-x509-ca-ra-cert. The VPN client even stores the certificates, and says both the RA and the CA cert are valid.
Why will the VPN client not accept the RA certificate as an RA encryption certificate?