Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

pix certificate and mscep

Hi

We have a cisco pix firewall ,i ve done every step to configure pix certification for l2tp connection also i've set my clock and timezone to gmt and set the time to ca server time:

hostname mypixfirewall

domain-name saderat.com

ca generate rsa key 512

ca identity myca.saderat.com 10.1.1.5:/certsrv/mscep/mscep.dll

ca configure myca.saderat.com ca 1 20 crloptional

ca authenticate myca.saderat.com

ca enroll myca.saderat.com

% No CA root cert exists. Use "ca authenticate"

I turn on debuging with debug crypto ca and see crypto_fail status 266 when i entered ca authentication .... command.

Do i need any addtional configuration on Ca server i've only installed it and didnt change any configuration i also want to know when i install msecp what kind of encryption and authentication i must use ?

Thanks.

Best Regards bahman mozaffari.

1 REPLY
New Member

Re: pix certificate and mscep

Your enrollment URL maybe wrong. Thus you can not download the root CA cert.

try this: http://10.1.1.5/certsrv/mscep/mscep.dll

and reauthenticate and re-enroll with the CA.

153
Views
0
Helpful
1
Replies
CreatePlease login to create content