Cisco Support Community

cannot retrieve crl after re-installing SCEP plugin

I have a Windows 2003 CA server with the SCEP plugin. All works well, except an issue that I found while testing backup/restore of the CA server.

When I restore the CA and then re-install the SCEP plugin, I can issue certificates, but I can't retrieve the CRL. I have to request a new CA/RA/client cert before I am again able to retrieve the CRL.

I wasn't sure if it was the CA restore or the re-install of the SCEP plugin that was causing the issue, so I re-installed the SCEP plugin without a CA server backup and got the same issue.

Is there any way to have the SCEP reuse the certificate that was issued to it previously after or during re-installing the plugin?


Re: cannot retrieve crl after re-installing SCEP plugin

I guess it is a CA restore issue. What are your configurations on the client regarding the CRL? Can someone confirm if this can be achieved at all?


Re: cannot retrieve crl after re-installing SCEP plugin

It is definitely an SCEP plugin issue. I'm using PIX 6.3(5) on our remote PIX firewalls.

After re-installing the SCEP plugin, I can issue a new certificate to a PIX firewall and it can build a VPN tunnel to a firewall that has a certificate that was issued before the SCEP re-install. However, the PIX with the certificate that was issued before the SCEP re-install can no longer retrieve the CRL. A fault is seen with debug when trying to retrieve the CRL as well.
