Please help regarding configuring IOS-CA

Unanswered Question
Oct 2nd, 2010
User Badges:

R4 is my CA-server ...while R5 is my ca-client...while r5 requesting certificate from R4 getting the following error:


R5(config)#crypto pki authenticate IOS-CA
% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0

R5(config)#
.Oct  2 19:54:56.695: CRYPTO_PKI: pki request queued properly
.Oct  2 19:54:56.695: CRYPTO_PKI: Sending CA Certificate Request:
GET /cgi-bin/pkiclient.exe?operation=GetCACert&message=IOS-CA HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Cisco PKI)
Host: 22.22.22.22


.Oct  2 19:54:56.695: CRYPTO_PKI: locked trustpoint IOS-CA, refcount is 1
.Oct  2 19:54:56.695: CRYPTO_PKI: can not resolve server name/IP address
.Oct  2 19:54:56.695: CRYPTO_PKI: Using unresolved IP Address 22.22.22.22
.Oct  2 19:54:56.695: CRYPTO_PKI: socket connect error.
.Oct  2 19:54:56.695: CRYPTO_PKI: status = 0: failed to open http connection
R5(config)#
.Oct  2 19:54:56.695: CRYPTO_PKI: unlocked trustpoint IOS-CA, refcount is 0
.Oct  2 19:54:56.695: CRYPTO_PKI: status = 65535: failed to send out the pki message
.Oct  2 19:54:56.695: CRYPTO_PKI: transaction GetCACert completed

----------------------------------------------------------------

what is locked trustpoint?

I believe mine all configuration is good..How can I resolve my issue..?


Thanks,


Kiran

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marcin Latosiewicz Sun, 10/03/2010 - 02:05
User Badges:
  • Cisco Employee,

Kiran,



Debugs tell you that http connection failed.


Did you enable http server on the CA?


"show cry ca server"  can you please get that for me?


Marcin

Actions

This Discussion