The explanation for "PKI-3-GETCARACERT: Failed to receive RA/CA certificates" is that PKI certificate has encountered failure when parsing and processing CA/RA certificates.Recommended Action is to check the status, contact the CA administrator.Also you can check whether the certification is valid or not.
This url explains about certificate authentication in detail:
Thank you for the reply, I got through that stage and now stuck with decoding of reply sent by OCSP (MS server 2008). the no-revocation check OID has a zero length value where as NULL is expected by cisco. MS has identified it as a bug but will be releasing its fix in SP2, just wanted to know if cisco has found a way around.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...