
MS-CA/SCEP and ASA certificate enrollment issue

I have a 2003 MS-CA/SCEP server set up. I can get certificates for PIX 6.3 devices, but when I try to get a cert for an ASA 7.2(2)5, I see an error message in Event Viewer on the CA server stating that the SCEP plugin could not determine the key usage from the cert request.

I found a document from Microsoft stating that the mscep version 5.131.3790.1053 is required to fix this very issue. I checked the version of the mscep.dll on the server and it is the same as above.

Has someone else seen this issue? Also, is it possible that the mscep.dll on my server is not the same mscep.dll on Microsoft's webpage even though they have the same version number?

Thanks for your help


Re: MS-CA/SCEP and ASA certificate enrollment issue

Try this:

It may be because the admin credentials don't apply to the SCEP enrollment.

Check the clock on the ASA. Is the ASA clock in sync with the CA clock?

Try this link:


Re: MS-CA/SCEP and ASA certificate enrollment issue

I found that the problem was that during the enrollment process when asked to supply a password for revocation, I was using a password with special characters (@ and -). This was causing my issue. After using a password without the special characters, it worked fine.