Does anybody have SCEP working with a "challenge password" with either a Microsoft or IOS CA? Could you share the relevant config bits?
I know the PW needs to be entered when the SCEP plugin is installed on the MS CA, but the requests from the routers fail when a challenge pw is configured. I never get prompted for a pw and the only pw config in the client router seems to be for creating a password that you'd need if you ever wanted to revoke the cert.
I have a Microsoft CA that works without a password which automatically grants all cert requests but when I configure a SCEP challenge password the cert requests fail. If I set the CA to require approval before signing the certs, the CA gets the requests just fine, I approve the requests and the CA issues a cert, but the routers are never successful at retrieving the signed certs. I'd rather not have my CA configured to automatically grant every request from anybody who finds it without so much as a password. That's not what I'd call secure.
I've also gotten an IOS CA to work without passwords or approval but I'd prefer to use the MS CA.
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationConfigure one of the connectivity options to access the Cisco IMC from the n...
Firepower Threat Defense (NGFWv) on UCS E-series - Transparent Mode in HA
DocumentationCode download linksGoalRequirementLimitationsSupported ISR and UCS-E ModelSupported ISRG2 and UCS-E Blades:Supported ISR4K and UCS-E Blades:Step by Step ConfigurationCo...
I am currently unable to specify "crypto keyring" command when configuring VPN connection on my cisco 2901 router.
The following licenses have been activated on my router :