
CA authentication on PIX

PIX 515 with VPN and des enabled running Ver. 6.1

I have configured the PIX for CA cert server authentication using a W2K Domain Controller and was unable to authenticate the cert server through the PIX. The config was done using the commands shown below:

pix(config)# ca generate rsa specialkey rsa 512

For <key_modulus_size> >= 512, key generation could

take up to several minutes. Please wait.

pix(config)# ca identity caserver 140.188.8.13://caserver/certsrv/mscep/mscep.dll

pix(config)# ca configure caserver ca 1 20 crloptional

pix(config)# show ca mypubkey rsa

% Key pair was generated at: 13:00:09 UTC Jan 23 2003

Key name: pix.domain.net

Usage: Encryption Key

Key Data: XXXXX

pix(config)# ca authenticate caserver

pix(config)#

After issuing the above command, I can see neither any attributes nor any fingerprints. The same thing was also implemented on a router with FW-based IOS, where it generated an error message: "% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0".

What could be the problem with the above? Any help in resolving it would be greatly appreciated.

Regards,

Deepak

1 REPLY
Cisco Employee

Re: CA authentication on PIX

The Windows 2000 CA server acts as an RA, not a CA, so do:

> ca configure caserver ra 1 20 crloptional

Note the "ra", not "ca". See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/sit2site.htm#1006943
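
As an added example (not part of the original thread or of Cisco's documentation), here is a small Python check that flags the mismatch the reply describes: a `ca identity` URL pointing at the Microsoft SCEP add-on (`mscep.dll`) combined with `ca configure ... ca` mode. Keying on `mscep.dll` in the URL is an assumed heuristic, and the function name and sample text are constructed for illustration.

```python
import re

# Constructed sample: the two relevant lines from the session in the question,
# pasted with their prompts.
SAMPLE_CONFIG = """\
pix(config)# ca identity caserver 140.188.8.13://caserver/certsrv/mscep/mscep.dll
pix(config)# ca configure caserver ca 1 20 crloptional
"""

# An optional "hostname(config)# " prompt is tolerated so session pastes work.
PROMPT = r"^(?:\S+# )?"
IDENTITY_RE = re.compile(PROMPT + r"ca identity (\S+) (\S+)", re.M)
CONFIGURE_RE = re.compile(
    PROMPT + r"ca configure (\S+) (ca|ra) (\d+) (\d+)( crloptional)?", re.M
)


def find_mode_mismatches(config_text):
    """Return (nickname, suggested_line) for every CA nickname whose
    enrollment URL is an MSCEP endpoint but which is configured in 'ca' mode.
    Assumption: 'mscep.dll' in the URL identifies a Microsoft SCEP endpoint."""
    urls = {m.group(1): m.group(2) for m in IDENTITY_RE.finditer(config_text)}
    findings = []
    for m in CONFIGURE_RE.finditer(config_text):
        nick, mode, retry_period, retry_count, crl = m.groups()
        url = urls.get(nick, "")
        if mode == "ca" and "mscep.dll" in url.lower():
            # Keep the retry settings and CRL option, change only the mode.
            fixed = f"ca configure {nick} ra {retry_period} {retry_count}{crl or ''}"
            findings.append((nick, fixed))
    return findings


if __name__ == "__main__":
    for nick, fixed in find_mode_mismatches(SAMPLE_CONFIG):
        print(f"{nick}: MSCEP endpoint configured in 'ca' mode; use: {fixed}")
```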
