
Authentication request to a CA server

jeff.carr
Level 1

PIX515E (6.3.4). Attempting to request a certificate from a remote CA server. Entered this in the config...

ca identity somewhere.net 54.254.254.54:81/cgi-bin

ca configure somewhere.net ca 2 20 crloptional

When running the command 'ca authenticate somewhere.net' I get no output displayed. Technician on the CA server says request is being made, but on port 80. Need the request to be made on port 81. Any suggestions?

Thanks.

4 Replies

slaurin
Level 1

Hi,

Did you also issue the "ca enroll somewhere.net" command?

You can view the enrollment process with the "debug crypto ca 255" command.

Kind regards,

Simon Laurin

Simon,

The 'ca enroll somewhere.net' command fails because I don't yet have the cert. It gives me the output

% No CA root cert exists. Use "ca authenticate"

I am not able to receive a response from the server because I am not presenting my request with the correct TCP port. The request is making it to the server, it's just not being received by the service.

Thank you for your suggestion.

Jeff

Hi Jeff,

I think that version 6 actually requires that the SCEP service run on port 80.

From the command reference:

ca identity ca_nickname [ca_ipaddress| hostname [:ca_script_location] [ldap_ip address| hostname]]

Sorry I never actually used a different port on a PIX running code version 6.

Regards

Simon Laurin

Hello Jeff/Simon

You are correct. Port 80 is hard coded on the PIX and cannot be changed.

Hope this helps! If so, please rate.

Thanks
