cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1308
Views
0
Helpful
2
Replies

MS-CA/SCEP and ASA certificate enrollment issue

MARK BAKER
Level 4
Level 4

I have an 2003 MS-CA/scep server set up. I can get certificates for PIX 6.3 devices, but when I try to get a cert for an ASA 7.2(2)5. I see an error message in event viewer of the ca server stating that the SCEP plugin could not determine the key usage from the cert request.

I found a document from microsoft stating that the mscep version 5.131.3790.1053 is required to fix this very issue. I checked the version of the mscep.dll on the server and it is the same as above.

Has someone else seen this issue? Also, is it possible that the mscep.dll on my server is not the same mscep.dll on microsoft's webpage even though they have the same version number?

Thanks for your help

2 Replies 2

bstremp
Level 2
Level 2

Try this:

It may be due to Admin credentials dont apply to the scep enrollment.

Check the Clock in ASA , Is the ASA clock in sync with the CA clock.

Try this link:

http://www.cisco.com/en/US/products/ps6120/products_configuration_guide_chapter09186a008045247b.html#wp1042284

MARK BAKER
Level 4
Level 4

I found that the problem was that during the enrollment process when asked to supply a password for revocation, I was using a password with special characters (@ and -). This was causing my issue. After using a password without the special characters, it worked fine.

Thanks,

Mark

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: