Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

PIX 501 get a CA from MS CA server..

Main Goal: To have a PIX 501 get a CA from MS CA server..

How does PIX or a router get a CA from the MS certificate

server? I understand the lines of code you have to type in on a PIX / router

i.e.path to get to the CA server but How does the CA server do this

dynamically?

-I have no auth on the CA server so from a PC on the LAN I get

in w/o typing a u/n passwrd. URL: http://192.168.0.100/certsrv/ and it

brings up a web page that shows me 3 options.

My question is how does PIX/Router know where to go from

here...? I can not seem to find out how the PIX gets the CA from the

server.. I am missing something.. I'm just not sure what at this point.

-Jeff

2 REPLIES
Cisco Employee

Re: PIX 501 get a CA from MS CA server..

First your CA server should have CEP installed, it is part of W2K resource kit.

The router or PIX gets the root CA certificate from the server via the authenticate command (you type it from the config mode) and then it gets its identity cert by enrolling to the ca server, again from the config mode.

see the step by step guide on the PIX to do this on:http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/ipsecint.htm#xtocid7

see section on: Configuring the PIX Firewall to Use Certificates

New Member

Re: PIX 501 get a CA from MS CA server..

thanks!

87
Views
0
Helpful
2
Replies
CreatePlease to create content