Authentication request to a CA server

Jul 11th, 2006
PIX515E (6.3.4). Attempting to request a certificate from a remote CA server. Entered this in the config...

ca identity

ca configure ca 2 20 crloptional

When running the command 'ca authenticate' I get no output displayed. Technician on the CA server says request is being made, but on port 80. Need the request to be made on port 81. Any suggestions?


slaurin Tue, 07/11/2006 - 09:46

Did you also issue the "ca enroll" command?

You can view the enrollment process with the "debug crypto ca 255" command.

Kind regards,

Simon Laurin

jeff.carr Tue, 07/11/2006 - 10:47

The 'ca enroll' command fails because I don't yet have the cert. It gives me the output

% No CA root cert exists. Use "ca authenticate"

I am not able to receive a response from the server because I am not presenting my request with the correct TCP port. The request is making it to the server, it's just not being received by the service.

Thank you for your suggestion.


slaurin Tue, 07/11/2006 - 11:44

Hi Jeff,

I think that version 6 actually requires that the SCEP service run on port 80.

From the command reference:

ca identity ca_nickname [ca_ipaddress| hostname [:ca_script_location] [ldap_ip address| hostname]]

Sorry, I never actually used a different port on a PIX running code version 6.


Simon Laurin

hemendoz (Cisco Employee) Wed, 07/12/2006 - 15:23

Hello Jeff/Simon

You are correct. Port 80 is hard-coded on the PIX and cannot be changed.

Hope this helps! If so, please rate.


