Please help regarding configuring IOS-CA

Unanswered Question
Oct 2nd, 2010

R4 is my CA-server ...while R5 is my ca-client...while r5 requesting certificate from R4 getting the following error:

R5(config)#crypto pki authenticate IOS-CA
% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0

R5(config)#
.Oct  2 19:54:56.695: CRYPTO_PKI: pki request queued properly
.Oct  2 19:54:56.695: CRYPTO_PKI: Sending CA Certificate Request:
GET /cgi-bin/pkiclient.exe?operation=GetCACert&message=IOS-CA HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Cisco PKI)
Host: 22.22.22.22


.Oct  2 19:54:56.695: CRYPTO_PKI: locked trustpoint IOS-CA, refcount is 1
.Oct  2 19:54:56.695: CRYPTO_PKI: can not resolve server name/IP address
.Oct  2 19:54:56.695: CRYPTO_PKI: Using unresolved IP Address 22.22.22.22
.Oct  2 19:54:56.695: CRYPTO_PKI: socket connect error.
.Oct  2 19:54:56.695: CRYPTO_PKI: status = 0: failed to open http connection
R5(config)#
.Oct  2 19:54:56.695: CRYPTO_PKI: unlocked trustpoint IOS-CA, refcount is 0
.Oct  2 19:54:56.695: CRYPTO_PKI: status = 65535: failed to send out the pki message
.Oct  2 19:54:56.695: CRYPTO_PKI: transaction GetCACert completed

----------------------------------------------------------------

what is locked trustpoint?

I believe mine all configuration is good..How can I resolve my issue..?

Thanks,

Kiran

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Marcin Latosiewicz Sun, 10/03/2010 - 02:05

Kiran,

Debugs tell you that http connection failed.

Did you enable http server on the CA?

"show cry ca server"  can you please get that for me?

Marcin

Actions

This Discussion