Cisco Support Community
Community Member

OpenSCEP, 3000s, and enrollment

We are trying to use openscep with our vpn infrastructure. We are able to enroll pix501s and Catalyst 3750s (for fun). But when we try to enroll the 3000 concentrator, we get an error. I see that it has to do with a fingerprint mismatch that is mentioned in the openscep todo document.

With the Cisco VPN client software, we get "error 42" when we try to enroll. Has anyone seen this and found how to get it to work?



Re: OpenSCEP, 3000s, and enrollment

This could probably happen if a SCEP add-on does not start when the server is rebooted. Make sure all the add-ons start and then the client might be able to enroll.

Community Member

Re: OpenSCEP, 3000s, and enrollment

It is not an addon, it is perl, apache, and openssl. This is not the windows ca server I am asking about. It turns out, that for the VPN 3000 Concentrator and the software clients, that the transaction id and fingerprint are different, but according to one draft, they are supposed to be the same. It is either a bug, or a change in the draft. The draft we have in our archives is expired.

CreatePlease to create content