Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

SCEP: failed to open signed data

Hi,

I am trying to create a solution what would consist the following:

Avaya hard phones would vpn into the corporate network. Vpn authentication would be based on certificates. As I getting into the

implementation I found out that one of the key points of the solution is to using SCEP to enroll the certificates from CA server to the avaya

hardphones.  And here comes my trouble: I would like to use a cisco router as a CA server for this solution but when the phones try to enroll the

certificate I got this error on the router:

Sep 23 13:36:16.935: CRYPTO_CS: received a SCEP GetCACert request

Sep 23 13:36:16.939: CRYPTO_CS: CA certificate sent

Sep 23 13:36:19.515: CRYPTO_CS: received a SCEP request, 2263 bytes

Sep 23 13:36:19.519: CRYPTO_CS: read SCEP: registered and bound service SCEP_READ_DB_2   

Sep 23 13:36:19.519: CRYPTO_CS: failed to open signed data

Sep 23 13:36:19.519: CRYPTO_CS: read SCEP: unregistered and unbound service SCEP_READ_DB_2   

Sep 23 13:36:19.519: CRYPTO_CS: failed to read SCEP request

I enabled the following debug options:

PKI:

  Crypto PKI Msg debugging is on

  Crypto PKI Trans debugging is on

  Crypto PKI Certificate Server debugging is on

  Crypto PKI Validation Path debugging is on

Cisco router is a cisco 2811 router with the following IOS:

Cisco IOS Software, 2800 Software (C2800NM-IPBASEK9-M), Version 15.1(4)M6, RELEASE SOFTWARE (fc2)

Thanks,

Andras

Everyone's tags (7)
654
Views
0
Helpful
0
Replies