Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2387
Views
0
Helpful
0
Replies

Anyconnect cert enrollment with ASA SCEP proxy and MS SCEP

rkiste
Level 1
Level 1

‎06-28-2012 08:48 AM - edited ‎02-21-2020 06:09 PM

Trying to get my anyconnect client 3.0 client for windows to enroll with MS SCEP server through my ASA. 

Group policy is configured with SCEP forwarding URL http://<MS Server>/CertSrv/mscep/mscep.dll.  In the connection profile I checked the box for  Enable Simple Cert enrollment protocol.  I generated a client profile with Scep Host as asa.domain.com/connection profile name.  The CA url is the SCEP forwarding URL.  I also configured the Subjects and included the CA domain of the issuing CA.  The connection profile is configured for both AAA and Cert.  Now when I connect in I get the  AAA auth and get the challenge password request.  End result is a certificate enrollment failure

I see the traffic reaching the SCEP server.  I also see the response coming back to the ASA.  Not sure the next step to determine the Enrollment failure.           

1 person had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents