certsrv is correct. You can easily verify that by looking at Microsoft Certificate Server.
You know this problem is exasperating! How can Microsoft have a server which uses mscep.dll , and then the cisco pix requires it to be called pkiclient.exe? There is a major disconnect between these two vendors. Or I am missing something ( which I probably am!).
The question remains "Why should pkiclient.exe appear anywhere in the http communication?" As you can see, the URL points to :/certsrv/mscep/mscep.dll, which obviously makes no reference to pkiclient.exe.
Of course, the fact that you say that you can make this work indicates that the problem is on my end. The only difference here is that you used a pix 515 and I have a pix 506.
Your config looks correct, you did do a "cry gen rsa key xxx" command before this, correct? Not sure what the pkiclient.exe stuff is, never noticed that in a Sniffer trace before, but it definately does work, I've done it 100's of times.
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin...
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...