Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Community Member

Problems with CA Support (SCEP)

Hi

I try to setup a simple IPsec router/router Lab with MS2K Server CA.

I have successfully installed cepsetup.exe, i have check'd out the local CA webpage which shows me the fingerprint and pw...looks fine

The problem:

If i use the command "crypto ca athenticate vpn" and the pki debug, i get the following output.

.

wg1r2(config)#crypto ca authenticate vpn

% Error in receiving Certificate Authority certificate: status = FAIL, cert leng

th = 0

00:14:58: CRYPTO_PKI: Sending CA Certificate Request:

GET /certsrv/mscep/mscep.dll/pkiclient.exe?operation=GetCACert&message=vpn HTTP/

1.0

00:14:58: CRYPTO_PKI: http connection opened

00:14:58: CRYPTO_PKI: HTTP response header:

HTTP/1.1 200 OK

Server: Microsoft-IIS/5.0

Date: Sat, 01 Feb 2003 18:28:29 GMT

Content-Length: 3380

Content-Type: application/x-x509-ca-ra-cert

Content-Type indicates we have received CA and RA certificates.

00:14:58: CRYPTO_PKI: Can not get name ava count

00:14:58: CRYPTO_PKI: can not decode router sub name.

00:14:58: CRYPTO_PKI: Can not get name ava count

00:14:58: CRYPTO_PKI: can not decode router sub name.

00:14:58: CRYPTO_PKI: Can not get name ava count

00:14:58: CRYPTO_PKI: can not decode router sub name.

00:14:58: CRYPTO_PKI: Error: Certificate, private key or CRL was not found whil

e selecting certificate chain

00:14:58: CRYPTO_PKI: WARNING: A certificate chain could not be constructed whil

e selecting certificate status

00:14:58: CRYPTO_PKI: Can not get name ava count

00:14:58: CRYPTO_PKI: can not decode router sub name.

00:14:58: CRYPTO_PKI: Can not get name ava count

00:14:58: CRYPTO_PKI: can not decode router sub name.

00:14:59: CRYPTO_PKI: Can not get name ava count

00:14:59: CRYPTO_PKI: can not decode router sub name.

00:14:59: CRYPTO_PKI: Error: Certificate, private key or CRL was not found whil

e selecting certificate chain

00:14:59: CRYPTO_PKI: WARNING: A certificate chain could not be constructed whil

e selecting certificate status

00:14:59: CRYPTO_PKI: Can not get name ava count

00:14:59: CRYPTO_PKI: can not decode router sub name.

00:14:59: CRYPTO_PKI: Can not get name ava count

00:14:59: CRYPTO_PKI: can not decode router sub name.

00:14:59: CRYPTO_PKI: Can not get name ava count

00:14:59: CRYPTO_PKI: can not decode router sub name.

00:14:59: CRYPTO_PKI: Can not get name ava count

00:14:59: CRYPTO_PKI: can not get decoded name

00:14:59: CRYPTO_PKI: Unable to read CA/RA certificates.

00:14:59: %CRYPTO-3-GETCARACERT: Failed to receive RA/CA certificates.

00:14:59: CRYPTO_PKI: transaction GetCACert completed

Unfortunately i can't find any docs on cco which provide a solution for this issue. On the MS Server i get some traffic, i think something with the MS Appl. is not ok. Any ideas ??

Thanks

Louis

1 REPLY
Community Member

Re: Problems with CA Support (SCEP)

I have finally found the mistake.

The CA was setup as root CA and Active Directory was not installed.

175
Views
0
Helpful
1
Replies
CreatePlease to create content