404 Views, 0 Helpful, 2 Replies

PKI: Query mode

Maxim Zimovets
Level 1

Hi.

I tried to implement Query mode for obtaining certificates. The CA and client routers both run IOS 12.4(15)T1 and they have the following configurations:

CA

!
crypto pki server ca
 database level complete
 grant auto
 lifetime crl 1
 cdp-url http://172.20.90.91/ca.crl
 database url disk0:
!
crypto pki trustpoint ca
 ip-address GigabitEthernet0/0
 revocation-check crl
 rsakeypair ca
!
!
crypto pki certificate chain ca
 certificate ca 01
  308202F8 308201E0 A0030201 02020101 300D0609 2A864886 F70D0101 04050030
  :
  8D6883B4 C9681095 9535861F D58417C6 1897DE8A 68A716FE D67B83FB
  quit
!

client

!
crypto pki trustpoint CA
 enrollment url http://172.20.90.91:80
 serial-number none
 ip-address none
 fingerprint FB2DF4C0A6242C392DAF9C6D811F32CE
 subject-name CN=ubc.test
 query certificate
 revocation-check crl
 rsakeypair UBC 768
!
!
crypto pki certificate chain CA
 certificate ca 01 query
  fingerprint FB2DF4C0A6242C392DAF9C6D811F32CE
 certificate 1A query
!

I successfully obtained root and identity certificates at the beginning. But when I reloaded the client it could not get its certificate.

Can anybody shed some light on this - what did I miss?

With best regards,

Maxim

2 Replies

f.aoun
Level 1

Clock?

No. Clocks are fine. Both routers are synced to one time source.

Is there anything else I have to check?

Maxim