I am trying to set up a Certificate Authority server to support a small VPN network. My CA-server is an IOS router with IOS version 12.4(18e) installed. For the CA-server to support my routers I need to start the http-server on the CA-router. Right now the router has the following relevant configuration:
aaa authentication login default group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
ip http server
ip http max-connections 16
ip http path flash:
crypto pki server ca
The process of certificate generation works perfectly - I can obtain certificates easily.
The problem starts when the routers try to obtain the CRL. The CRL is located on the CA-router and should be accessed via plain http. But the latest IOS http-servers require http authentication to connect to them. I tried several options to support authentication, but still without success. I have another requirement - one of the devices is a Cisco VPN3K, and it's not possible (as far as I know) to set up some form of username/password.
Can anybody suggest some solution to suppress http-authentication? Or maybe there is some other solution to put the CRL somewhere accessible?
Waiting for any options.