cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
4096
Views
0
Helpful
2
Replies

Please help regarding configuring IOS-CA

Kiran Doijode
Level 1
Level 1

R4 is my CA-server ...while R5 is my ca-client...while r5 requesting certificate from R4 getting the following error:

R5(config)#crypto pki authenticate IOS-CA
% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0

R5(config)#
.Oct  2 19:54:56.695: CRYPTO_PKI: pki request queued properly
.Oct  2 19:54:56.695: CRYPTO_PKI: Sending CA Certificate Request:
GET /cgi-bin/pkiclient.exe?operation=GetCACert&message=IOS-CA HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Cisco PKI)
Host: 22.22.22.22


.Oct  2 19:54:56.695: CRYPTO_PKI: locked trustpoint IOS-CA, refcount is 1
.Oct  2 19:54:56.695: CRYPTO_PKI: can not resolve server name/IP address
.Oct  2 19:54:56.695: CRYPTO_PKI: Using unresolved IP Address 22.22.22.22
.Oct  2 19:54:56.695: CRYPTO_PKI: socket connect error.
.Oct  2 19:54:56.695: CRYPTO_PKI: status = 0: failed to open http connection
R5(config)#
.Oct  2 19:54:56.695: CRYPTO_PKI: unlocked trustpoint IOS-CA, refcount is 0
.Oct  2 19:54:56.695: CRYPTO_PKI: status = 65535: failed to send out the pki message
.Oct  2 19:54:56.695: CRYPTO_PKI: transaction GetCACert completed

----------------------------------------------------------------

what is locked trustpoint?

I believe mine all configuration is good..How can I resolve my issue..?

Thanks,

Kiran

1 Accepted Solution

Accepted Solutions

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Kiran,

Debugs tell you that http connection failed.

Did you enable http server on the CA?

"show cry ca server"  can you please get that for me?

Marcin

View solution in original post

2 Replies 2

Marcin Latosiewicz
Cisco Employee
Cisco Employee

Kiran,

Debugs tell you that http connection failed.

Did you enable http server on the CA?

"show cry ca server"  can you please get that for me?

Marcin

THE HTTP PORT 80 is block between ca server or client

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: