Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

windows 2008 CA

Hi,

does anybody knows how implement pix-to-pix vpn using certificates with root certificate server running in windows 2008 server.

i tried with the windows 2003 guide but i recived a error.

thx

9 REPLIES

Re: windows 2008 CA

What is the error you receive? and when is it received? when enrolling? is enrollment done?

New Member

Re: windows 2008 CA

i recivied this error after enrollment command: ca enroll....

Crypto CA thread wakes up!

%

% Start certificate enrollment ..

% The subject name in the certificate will be: FW-MP.mp.hn

CI thread wakes up!

% Certificate request sent to Certificate Authority

% The certificate request fingerprint will be displayed.

FW-MP(config)#

CRYPTO_PKI: transaction PKCSReq completed

CRYPTO_PKI: status:

Crypto CA thread sleeps! Fingerprint: 1dff924b d3222c18 67f9195a 6ba7de3f

CRYPTO_PKI: http connection opened

The certificate enrollment request failed!

CRYPTO_PKI: received msg of 2411 bytes

CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while selecting CRL

CRYPTO_PKI: status = 0: failed to process the received pki msg

Insert Selfsigned Certificate:

30 82 01 8b 30 82 01 35 02 20 64 39 31 32 65 64 37 33 62 32

32 32 37 39 37 37 34 62 62 38 38 32 63 38 37 62 64 30 65 35

37 38 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 41 31

3f 30 0f 06 03 55 04 05 13 08 33 36 31 35 64 39 65 64 30 12

06 03 55 04 03 13 0b 46 57 2d 4d 50 2e 6d 70 2e 68 6e 30 18

06 09 2a 86 48 86 f7 0d 01 09 02 16 0b 46 57 2d 4d 50 2e 6d

Re: windows 2008 CA

Just wondering, how big is the key cypher selected? 1024? 2048? how large is it?

New Member

Re: windows 2008 CA

i used this command

ca generate rsa key 512

Re: windows 2008 CA

I actually meant from the CA server.

New Member

Re: windows 2008 CA

1024

Cisco Employee

Re: windows 2008 CA

Make sure the times are matching on both CA and the ASA.

Re: windows 2008 CA

Can you post your PIX configuration here please? Also does your CA show that this Certificate is issued? Have you downloaded the CA Root before with the CA Authenticate?

New Member

windows 2008 CA

Hello,

I have exactly the same issue. How did you solved the problem ?

I think PixOS 6.3 does not work with Windows 2008 NDES.

I tried with an ASA and IOS, it is working for these devices.

Thanks & regards.

394
Views
0
Helpful
9
Replies
CreatePlease to create content