Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

VPN with certificates from microsoft CA ... any ideas ??


I have been trying to set up a vpn using digital certificates to authenticate the devices (PIX). I am using microsoft certificate services with the mscep.dll add on. When I try to enroll a certificate I get this :

pix1(config)# ca generate rsa key 512

Keypair generation process begin.


pix1(config)# ca identity CA

pix1(config)# ca configure CA ra 1 20 crloptional

pix1(config)# ca authenticate CA

Certificate has the following attributes:

Fingerprint: 1c93454b 263051d8 b4fd283f 6e3044ac

pix1(config)# ca enroll CA cisco


% Start certificate enrollment ..

% The subject name in the certificate will be:

% Certificate request sent to Certificate Authority

% The certificate request fingerprint will be displayed.

pix1(config)# Fingerprint: 4595bd93 396f425c 03a68138 7a6b4c23

The certificate enrollment request was denied by CA!

Any ideas why this does not work. There is no security that stops access to the CA.



New Member

Re: VPN with certificates from microsoft CA ... any ideas ??

no replies ...... oh well !

I have solved the problem myself. If anybody has the same problem I got round it be unchecking the automatic enrollment option during cepsetup. I can now enroll certificates, but I have to issue them manually from certserv's pending folder.


New Member

Re: VPN with certificates from microsoft CA ... any ideas ??

When you do ca enroll you dont type in any old passwd, you type in the 'password' that the web page tells you to use - The one thats only valid for about 60 mins and is a HEX string.