Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.


Client 4.x, IOS router and MS CA problem

I'm setting up a VPN client 4.0.3 to an IOS router and want to use certificates to authenticate the vpn user. So far I have the router obtaining certificates from the MS CA, so I believe that I have the basics working.

However I'm not sure on how to set up the CA to issue a certificate to the client. Reading the documentation on the client (the documant refers to the V3 client, but I'm sure the process is the same) I can see how to set up the enrollment process, but it fails.

Tracing the connection I see the request is getting to the server, but its rejected with a message indicating the object has moved.

I'm pointing the CA enrollment url to http://<my-server>/certsrv/ however I now think this is incorrect.

Any pointers appreciated.


Re: Client 4.x, IOS router and MS CA problem

. You seem to be running into CSCed90732 - 'windows vpn client fails to enroll with IOS CA server via scep'. If this does turn out to be the case, you will need to enroll using pkcs10 instead.

You could also have a look at the following: CSCdz25200 - 'client cannot import a Microsoft certificate directly from CAPI' and CSCed49944 - 'cli client cert segmentation fault on import user cert bundle'

CreatePlease login to create content