I want to authenticate my ipsec vpn client by using certificate. I am using asa5540 as ipsec vpn server. The first step I should do is create an trustpoint and authenticate it to ca. the trustpoint name is knasaca
when I execute the command
crypto ca authenticate knasaca
I have encountered the debug output below
crypto_ca_get_ca_certificate(17793220, 169d0a0)
crypto_pki_req(17793220, 11, ...)
Crypto CA thread wakes up!
CRYPTO_PKI: Sending CA Certificate Request:
GET /cgi-bin/pkiclient.exe?operation=GetCACert&message=knasaca HTTP/1.0
CRYPTO_PKI: http connection opened
CRYPTO_PKI: content dump count 75----------
CRYPTO_PKI: For function crypto_http_send
GET /cgi-bin/pkiclient.exe?operation=GetCACert&message=knasaca HTTP/1.0
CRYPTO_PKI: For function crypto_http_send
CRYPTO_PKI: content dump-------------------
ERROR: receiving Certificate Authority certificate: status = FAIL, cert length = 0
asavpn(config)#
CRYPTO_PKI: HTTP response header:
HTTP/1.1 404 Object Not Found
Server: Microsoft-IIS/5.0
Date: Thu, 19 Apr 2007 08:14:03 GMT
Content-Length: 4040
Content-Type: text/html
Content-Type indicates we did not receive a certificate.
CRYPTO_PKI: transaction GetCACert completedCrypto CA thread sleeps!
what can be the problem.
is there anyone who can send me the prosedure to accomplish fully ca configuration.
thanks in advance
Dogan