03-12-2007 02:49 PM
Hi,
My question is about RA certificates - I have a Microsoft CA with SCEP installed. SCEP is the RA and requests a certificate from the CA on behalf of the client. But when I enroll an ASA via SCEP, when the certificate is pending, two certificates appear as 'RA' when I do 'show crypto CA certificates'. When I issue the ID certificate on the CA, these 'RA' certificates disappear on the ASA - what exactly are these certificates and why are they there, and then disappear? This is also the same when enrolling a VPN client.
Thanks for your help!
Andy
03-13-2007 12:01 PM
Andy,
Here is what I did. I had the ASA and SCEP configured for Microsoft CA.
I generated the CSR on the ASA - at that time, this was the output of sh cry ca cert
Subject Name:
Name: VPNASA
Status: Pending terminal enrollment
Key Usage: General Purpose
Fingerprint: ccccccb bbbbbb9 90f5ebb4 ab37e34a
After that, I got the CA certificate through SCEP and installed the identity certificate which I obtained from the Microsoft CA server.
Can you please send me the "sh cry ca cert" output and also a snippet of your config so I can check out the crypto trustpoint configured?
Thanks
Gilbert
03-13-2007 12:40 PM
Hi Gilbert,
Thanks for your response! I have MSWord screenshots of exactly what I did, but it was live for a customer and contains sensitive info - I will recreate it in my lab straight away!
However - here are my events:
Generate RSA general keys
Create trustpoint with SCEP URL and then reference the RSA key label just generated
Crypto CA authenticate
Accept the cert
Show crypto ca certs shows the CA cert
Crypto ca enroll - answer the questions, certificate is pending.
It is now that these 'RA' certs x2 appear under 'show crypto ca certs'.
Issue the certificate on the CA
Show crypto ca cert shows Root and ID cert and the 'RA' certs disappear?
Exactly the same happens on VPN client...
What are these RA certs etc.?
Thanks for your help Gilbert :-)
Andy