Cisco Support Community
Community Member

vpn client 4.8 can't enroll to IOS CA

We have an 857 as an IOS certificate server and have an ASA5520 authenticated/enrolled to it successfully. However, we cannot enroll VPN Client 4.8 to it; it appears to be an HTTP authorization problem on the IOS CA. Any ideas what I am doing wrong?

Have attached error log from client.


Re: vpn client 4.8 can't enroll to IOS CA

Using the VPN Client with Entrust Entelligence might result in a delay of approximately 30 seconds if you are trying to connect while Entrust is "online" with the CA. This delay varies, depending on your Entrust CA configuration. If the Entrust CA is on the private network, then the chance of Entrust being online is low, since the VPN connection is needed to communicate with the CA.

If you experience this delay, do one of the following:

Wait for the delay to end and proceed with the VPN connection normally.

Before initiating the VPN Client connection, log out of Entrust. The VPN Client will initiate the Entrust Login Interface with the "work offline" checkbox checked, which alleviates the problem. The easiest way to log out of Entrust is to right-click on the Entrust tray icon (gold key) and select "Log out of Entrust".

Community Member

Re: vpn client 4.8 can't enroll to IOS CA

Thanks for the reply Sandesh,

However, we are not using the VPN client with Entrust, but with the Cisco IOS Certificate Server.

We have now resolved the issue today: we captured the format of the SCEP URL request from a Cisco router to the Cisco IOS CA and used this when entering the CA URL on the VPN client enrollment screen, and it enrolled successfully.

Format for the VPN Client CA URL field was;

