Cisco Security Manager 3.2.1 Sp1 and Public Key Infrastructure

Unanswered Question
Jun 2nd, 2009

Hi, all!

Recently I created a configuration on a PIX (FOS 7.2.4) with Cisco Security Manager 3.2.1 Sp1 to allow certificate-based authentication of VPN connections. CSM created the necessary commands (and unfortunately left many necessary commands unsupported too). But every time I upload a new configuration (even with an untouched PKI configuration), CSM adds the following command: "crypto ca enroll CA-NAME noconfirm".

For now I have created a FlexConfig which just does "no crypto ca....". And it works. But is there a cleaner solution? Why do I need to enroll on every deployment?

Waiting for answers.

With best regards


k.abillama Wed, 05/26/2010 - 01:00


I'm having the same problem for one of our customers, but FlexConfig didn't work!

Can you please be more specific about what exactly you did? FlexConfig doesn't remove the generated command; it adds the no crypto ca enroll 'trustpoint name' after the generated crypto ca enroll 'trustpoint name'.

I've also been looking for related bugs but didn't find any!


