10-27-2006 03:48 AM - edited 03-09-2019 04:41 PM
Hi all,
I need urgent help related to enrollment of certificate from our PIX. We have Microsoft CA with SCEP installed on it and everything worked fine until now.
We cannot now do enrollment with our CA. I see that request was denied with CA when I manage PIX through ASDM.
From CLI of PIX I see that request was sent but in CA I don't see pending request.
Please could someone help me.
BR.
jl
11-02-2006 06:48 AM
Which PIX FW version are you using? The 7.0 code is designed for higher models of PIX, which unfortunately does not include the PIX 501. PIX 501 can only obtain the certificate through SCEP.
You can create a new trustpoint and then set it for self-signed during enrollment.
Then when you enroll your certificate, it will generate a self-signed cert:
pixfirewall(config)# crypto ca trustpoint TEST
pixfirewall(config-ca-trustpoint)# fqdn pixfirewall.cisco.com
pixfirewall(config-ca-trustpoint)# enrollment self
pixfirewall(config-ca-trustpoint)# exit
pixfirewall(config)# crypto ca enroll TEST
% The fully-qualified domain name in the certificate will be: pixfirewall.cisco.com
% Include the device serial number in the subject name? [yes/no]: no
Generate Self-Signed Certificate? [yes/no]: yes
pixfirewall(config)#
Try these links for more info:
http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008045247b.html
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/ipsec/excas.htm
11-03-2006 01:16 AM
Hi,
Thanks a lot for advice. It's very helpful for me. I'll try this. Links are very helpful.
We are using PIXOS 7.2.4.
Is it possible to do this on a router (2600, 3600)?
Thanks a lot.
BR
jl