I have an 2003 MS-CA/scep server set up. I can get certificates for PIX 6.3 devices, but when I try to get a cert for an ASA 7.2(2)5. I see an error message in event viewer of the ca server stating that the SCEP plugin could not determine the key usage from the cert request.
I found a document from microsoft stating that the mscep version 5.131.3790.1053 is required to fix this very issue. I checked the version of the mscep.dll on the server and it is the same as above.
Has someone else seen this issue? Also, is it possible that the mscep.dll on my server is not the same mscep.dll on microsoft's webpage even though they have the same version number?
Re: MS-CA/SCEP and ASA certificate enrollment issue
I found that the problem was that during the enrollment process when asked to supply a password for revocation, I was using a password with special characters (@ and -). This was causing my issue. After using a password without the special characters, it worked fine.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...