Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1031
Views
0
Helpful
2
Replies

RA Certificates

andrew100
Level 1
Level 1

‎03-12-2007 02:49 PM

Hi,

My question is Ra certificates - I have a Microsoft CA with SCEP installed. SCEP is the RA and requests a certificate from the CA on behalf of the client. But when i enroll an ASA via SCEP, when the certificate is pending two certificates appear as 'RA' when i do 'show crypto CA certificates'. When I issue the ID certificate on the CA, these 'RA' certificates disappear on the ASA - what exactly are these certificates and why are they there, and then disappear? This is also the same when enrolling VPN client.

Thanks for your help!

Andy

Labels:
0 Helpful
2 Replies 2

ggilbert
Cisco Employee
Cisco Employee

‎03-13-2007 12:01 PM

Andy,

Here is what I did. I had the ASA and SCEP configured for Microsoft CA.

I generated the CSR on the ASA - at that time, this was the output of sh cry ca cert

Subject Name:

Name: VPNASA

Status: Pending terminal enrollment

Key Usage: General Purpose

Fingerprint: ccccccb bbbbbb9 90f5ebb4 ab37e34a

After that, I got the CA certificate through SCEP and installed the identity certificate which I obtained from the microsoft CA server.

Can you please send me the "sh cry ca cert" and also a snippet of your config to check out the crypto trustpoint configured.

Thanks

Gilbert

0 Helpful

andrew100
Level 1
Level 1
In response to ggilbert

‎03-13-2007 12:40 PM

Hi Gilbert,

Thanks for your response! I have MSWord screen shots of exactly what i did but was live for a customer and contains sensitive info - I will recreate in my lab straight away!

However - here is my events,

Generate RSA general keys

Create trustpoint with SCEP URL and then reference the RSA key label just generated

Crypto CA authenticate

Accept the cert

Show crypto ca certs shows the CA cert

Crypto ca enroll - answer the questions, certificate is pending.

It is now that these 'RA' certs x2 appear under 'show crypto ca certs'.

Issue the certificate on the CA

Show crypto ca cert shows Root and ID cert and the 'RA' certs disappear?

Exactly the same happens on VPN client...

What are these RA certs etc

Thanks for your help Gilbert :-)

Andy

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents