Authentication request to a CA server

Unanswered Question
Jul 11th, 2006

PIX515E (6.3.4). Attempting to request a certificate from a remote CA server. Entered this in the config...


ca identity somewhere.net 54.254.254.54:81/cgi-bin

ca configure somewhere.net ca 2 20 crloptional


When running the command 'ca authenticate somewhere.net' I get no output displayed. Technician on the CA server says request is being made, but on port 80. Need the request to be made on port 81. Any suggestions?


Thanks.


slaurin Tue, 07/11/2006 - 09:46

Hi,


Did you also issue the "ca enroll somewhere.net" command?


You can view the enrollment process with the "debug crypto ca 255" command.


Kind regards,


Simon Laurin

jeff.carr Tue, 07/11/2006 - 10:47

Simon,


The 'ca enroll somewhere.net' command fails because I don't yet have the cert. It gives me the output

% No CA root cert exists. Use "ca authenticate"


I am not able to receive a response from the server because I am not presenting my request with the correct TCP port. The request is making it to the server, it's just not being received by the service.


Thank you for your suggestion.


Jeff

slaurin Tue, 07/11/2006 - 11:44

Hi Jeff,


I think that version 6 actually requires that the SCEP service run on port 80.


From the command reference:


ca identity ca_nickname [ca_ipaddress| hostname [:ca_script_location] [ldap_ip address| hostname]]


Sorry, I never actually used a different port on a PIX running code version 6.


Regards


Simon Laurin

hemendoz Wed, 07/12/2006 - 15:23
Cisco Employee

Hello Jeff/Simon


You are correct. Port 80 is hard coded on the PIX and cannot be changed.


Hope this helps! If so, please rate.


Thanks
