Cisco Support Community
Community Member

Authentication request to a CA server

PIX515E (6.3.4). Attempting to request a certificate from a remote CA server. Entered this in the config...

ca identity somewhere.net 54.254.254.54:81/cgi-bin

ca configure somewhere.net ca 2 20 crloptional

When running the command 'ca authenticate somewhere.net' I get no output displayed. Technician on the CA server says request is being made, but on port 80. Need the request to be made on port 81. Any suggestions?

Thanks.

4 REPLIES
Community Member

Re: Authentication request to a CA server

Hi,

Did you also issue the "ca enroll somewhere.net" command?

You can view the enrollment process with the "debug crypto ca 255" command.

Kind regards,

Simon Laurin

Community Member

Re: Authentication request to a CA server

Simon,

The 'ca enroll somewhere.net' command fails because I don't yet have the cert. It gives me the output

% No CA root cert exists. Use "ca authenticate"

I am not able to receive a response from the server because I am not presenting my request with the correct TCP port. The request is making it to the server, it's just not being received by the service.

Thank you for your suggestion.

Jeff

Community Member

Re: Authentication request to a CA server

Hi Jeff,

I think that version 6 actually requires that the SCEP service run on port 80.

From the command reference:

ca identity ca_nickname [ca_ipaddress| hostname [:ca_script_location] [ldap_ip address| hostname]]

Sorry I never actually used a different port on a PIX running code version 6.

Regards

Simon Laurin

Cisco Employee

Re: Authentication request to a CA server

Hello Jeff/Simon

You are correct. Port 80 is hard coded on the PIX and cannot be changed.

Hope this helps! If so, please rate.

Thanks
