Cisco Support Community

asa ca enrollment

I want to authenticate my IPsec VPN client by using a certificate. I am using an ASA5540 as the IPsec VPN server. The first step I should do is create a trustpoint and authenticate it to the CA. The trustpoint name is knasaca.

When I execute the command

crypto ca authenticate knasaca

I have encountered the debug output below:

crypto_ca_get_ca_certificate(17793220, 169d0a0)

crypto_pki_req(17793220, 11, ...)

Crypto CA thread wakes up!

CRYPTO_PKI: Sending CA Certificate Request:

GET /cgi-bin/pkiclient.exe?operation=GetCACert&message=knasaca HTTP/1.0

CRYPTO_PKI: http connection opened

CRYPTO_PKI: content dump count 75----------

CRYPTO_PKI: For function crypto_http_send

GET /cgi-bin/pkiclient.exe?operation=GetCACert&message=knasaca HTTP/1.0

CRYPTO_PKI: For function crypto_http_send

CRYPTO_PKI: content dump-------------------

ERROR: receiving Certificate Authority certificate: status = FAIL, cert length = 0


CRYPTO_PKI: HTTP response header:

HTTP/1.1 404 Object Not Found

Server: Microsoft-IIS/5.0

Date: Thu, 19 Apr 2007 08:14:03 GMT

Content-Length: 4040

Content-Type: text/html

Content-Type indicates we did not receive a certificate.

CRYPTO_PKI: transaction GetCACert completed

Crypto CA thread sleeps!

What can be the problem?

Is there anyone who can send me the procedure to fully accomplish the CA configuration?

Thanks in advance.



Re: asa ca enrollment

This chapter describes how to configure certificates. CAs are responsible for managing certificate requests and issuing digital certificates. A digital certificate contains information that identifies a user or device. Some of this information can include a name, serial number, company, department, or IP address. A digital certificate also contains a copy of the public key for the user or device. A CA can be a trusted third party, such as VeriSign, or a private (in-house) CA that you establish within your organization.
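
The failure in the debug output of the question can be read from the HTTP response headers alone. The following is an added example, not part of the original thread and not Cisco code: it classifies a SCEP GetCACert response, with function names and the second (successful) sample response constructed for illustration, and the accepted content types taken from what SCEP defines for GetCACert.

```python
from email.parser import Parser

# Content types SCEP (RFC 8894) defines for a GetCACert response.
CA_CERT_TYPES = {
    "application/x-x509-ca-cert",     # one DER-encoded CA certificate
    "application/x-x509-ca-ra-cert",  # certs-only PKCS#7 with CA and RA certificates
}

# Response headers copied from the debug output in the question.
RESPONSE_FROM_THREAD = """HTTP/1.1 404 Object Not Found
Server: Microsoft-IIS/5.0
Date: Thu, 19 Apr 2007 08:14:03 GMT
Content-Length: 4040
Content-Type: text/html
"""

# Constructed sample of a successful answer (not from the thread).
RESPONSE_CONSTRUCTED_OK = """HTTP/1.1 200 OK
Content-Length: 1024
Content-Type: application/x-x509-ca-cert
"""

def parse_head(raw):
    """Split a raw HTTP response head into (status_code, headers)."""
    head = raw.replace("\r\n", "\n").strip().split("\n\n", 1)[0]
    status_line, _, header_block = head.partition("\n")
    code = int(status_line.split(" ", 2)[1])
    return code, Parser().parsestr(header_block, headersonly=True)

def diagnose_getcacert(raw):
    """Return a short verdict for a GetCACert response head."""
    code, headers = parse_head(raw)
    ctype = (headers.get("Content-Type") or "").split(";")[0].strip().lower()
    if code == 404:
        # The web server has nothing at the requested path, so the enrollment
        # URL does not point at the CA's SCEP endpoint.
        return "url-not-found"
    if code != 200:
        return "http-error"
    if ctype not in CA_CERT_TYPES:
        # An HTML page is not a certificate, whatever the status code says.
        return "not-a-certificate"
    return "ok"

if __name__ == "__main__":
    for name, raw in [("thread", RESPONSE_FROM_THREAD), ("constructed", RESPONSE_CONSTRUCTED_OK)]:
        print(name, "->", diagnose_getcacert(raw))
```

For the response in the thread the verdict is `url-not-found`: the request reached a web server, but the path in the GET line is not served there, so the enrollment URL configured on the trustpoint is the first thing to compare against the CA's actual SCEP endpoint.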
