Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

vpn using digital certificates from microsoft CA ... any ideas

Alright

I have been trying to set up a vpn using digital certificates to authenticate the devices (PIX). I am using microsoft certificate services with the mscep.dll add on. When I try to enroll a certificate I get this :

pix1(config)# ca generate rsa key 512

Keypair generation process begin.

.Success.

pix1(config)# ca identity CA 10.0.0.20:/certsrv/mscep/mscep.dll

pix1(config)# ca configure CA ra 1 20 crloptional

pix1(config)# ca authenticate CA

Certificate has the following attributes:

Fingerprint: 1c93454b 263051d8 b4fd283f 6e3044ac

pix1(config)# ca enroll CA cisco

%

% Start certificate enrollment ..

% The subject name in the certificate will be: pix1.companyname.com

% Certificate request sent to Certificate Authority

% The certificate request fingerprint will be displayed.

pix1(config)# Fingerprint: 4595bd93 396f425c 03a68138 7a6b4c23

The certificate enrollment request was denied by CA!

Any ideas why this does not work. There is no security that stops access to the CA.

Cheers

Dean

  • Other Security Subjects
1 REPLY
New Member

Re: vpn using digital certificates from microsoft CA ... any ide

no replies ...... oh well !

I have solved the problem myself. If anybody has the same problem I got round it be unchecking the automatic enrollment option during cepsetup. I can now enroll certificates, but I have to issue them manually from certserv's pending folder.

cheers

760
Views
0
Helpful
1
Replies
This widget could not be displayed.