IOS HTTP-server to support IOS Certificate Authority server
I am trying to set up a Certificate Authority server to support a small VPN network. My CA-server is an IOS router with IOS version 12.4(18e) installed. For the CA-server to support my routers I need to start the http-server on the CA-router. Right now the router has the following relevant configuration:
aaa authentication login default group tacacs+ local enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ local
aaa authorization commands 15 default group tacacs+ local
The process of certificate generation works perfectly - I can obtain certificates easily.
The problem starts when the routers try to obtain the CRL. The CRL is located on the CA-router and should be accessed via plain http. But the latest IOS http-servers require http authentication to connect to them. I tried several options to support authentication, but still without success. I have another requirement - one of the devices is a Cisco VPN3K, and it's not possible (as far as I know) to set up some form of username/password on it.
Can anybody suggest a solution to suppress http-authentication? Or maybe there is some other solution to put the CRL somewhere accessible?
Re: IOS HTTP-server to support IOS Certificate Authority server
Did you try adding a default authentication list set to none, and adding named authentication lists for your other AAA services? If you do that, and add 'ip http authentication aaa', that should help with the authentication portion.
After that, you just have to figure out the 'ip http path' and add that to the router config.