Cant seem to renew Cert on PIX - CA and RA Certs have old Dates
I'm trying to renew my cert on my pix with a MS Cert Server.
Te Cert Expired today and all my client connections are failing.
I've tried to renew the cert using the following:
no ca save all
ca zeroize rsa
no ca ident myident
ca generate rsa key 1024
ca identity myident 10.0.0.1:/certsrv/mscep/mscep.dll
ca configure myident ra 1 20
ca authenticate myident
ca enroll myident cisco1
ca save all
When I get to the 'ca authenticate myident' command I can do a 'sh ca cert' and it shows me my old CA Certificate, RA Signature Certificate and RA KeyEncipher Certificates. They all have the old Valid Dates on them...
I've renewed the CA's Cert and its good till 1/12/2005.
On the MS Side of things I'm getting the following Error:
Evernt CertSVC Error 21
Certificate Services could not process request 133 due to an error: A required certificate is not within its validity period when verifying against the current system clock or the timestamp in the signed file. 0x800b0101 (-2146762495). The request was for CN=firewall.domain.com+ OID.1.2.840.1135220.127.116.11=firewall.domain.com.
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...