Cisco Support Community

SCEP protocol and PIXOS 7.0.

Hi all,

I need urgent help related to enrollment of a certificate from our PIX. We have a Microsoft CA with SCEP installed on it and everything worked fine until now.

We cannot now do enrollment with our CA. I see that the request was denied with the CA when I manage the PIX through ASDM.

From the CLI of the PIX I see that the request was sent, but in the CA I don't see a pending request.

Please, could someone help me?

BR.

jl


Re: SCEP protocol and PIXOS 7.0.

Which PIX FW version are you using? The 7.0 code is designed for higher models of PIX, which unfortunately does not include the PIX 501. The PIX 501 can only obtain the certificate through SCEP.

You can create a new trustpoint and then set it for self-signed during enrollment.

Then when you enroll your certificate, it will generate a self-signed cert:

pixfirewall(config)# crypto ca trustpoint TEST

pixfirewall(config-ca-trustpoint)# fqdn pixfirewall.cisco.com

pixfirewall(config-ca-trustpoint)# enrollment self

pixfirewall(config-ca-trustpoint)# exit

pixfirewall(config)# crypto ca enroll TEST

% The fully-qualified domain name in the certificate will be: pixfirewall.cisco.com

% Include the device serial number in the subject name? [yes/no]: no

Generate Self-Signed Certificate? [yes/no]: yes

pixfirewall(config)#

Try these links for more info:

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008045247b.html

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/ipsec/excas.htm


Re: SCEP protocol and PIXOS 7.0.

Hi,

thanks a lot for the advice. It's very helpful for me. I'll try this. The links are very helpful.

We are using PIXOS 7.2.4.

Is it possible to do this on a router (2600, 3600)?

Thanks a lot.

BR

jl
