https://community.cisco.com/t5/network-access-control/ca-authentication-on-pix/m-p/194303#M6273 <P>PIX 515 with VPN and des enabled running Ver. 6.1</P><P></P><P>I hv configured the pix for the CA cert server authentication using W2K Domain Controller and was unable to authenticate the cert server thru pix. The config was done using the following command mentioned below:</P><P></P><P>pix(config)# ca generate rsa specialkey rsa 512</P><P>For &lt;key_modulus_size&gt; &gt;= 512, key generation could</P><P> take up to several minutes. Please wait.</P><P>pix(config)# ca identity caserver 140.188.8.13://caserver/certsrv/mscep/mscep.dll</P><P>pix(config)# ca configure caserver ca 1 20 crloptional</P><P>pix(config)# show ca mypubkey rsa</P><P>% Key pair was generated at: 13:00:09 UTC Jan 23 2003</P><P>Key name: pix.domain.net</P><P> Usage: Encryption Key</P><P> Key Data: XXXXX</P><P></P><P>pix(config)# ca authenticate caserver</P><P></P><P>pix(config)#</P><P></P><P>After issuing the above said command, i can see neithier any attributes nor any finger prints. The same thing was also implemented on a router with FW based IOS where it generated an error msg "% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0".</P><P></P><P>What shud be the problem for the above mentioned and shall be of great help in resolving the same.</P><P></P><P>Rgds,</P><P></P><P>Deepak</P><P></P> Fri, 21 Feb 2020 18:05:51 GMT d.majumdar 2020-02-21T18:05:51Z https://community.cisco.com/t5/network-access-control/ca-authentication-on-pix/m-p/194303#M6273 <P>PIX 515 with VPN and des enabled running Ver. 6.1</P><P></P><P>I hv configured the pix for the CA cert server authentication using W2K Domain Controller and was unable to authenticate the cert server thru pix. The config was done using the following command mentioned below:</P><P></P><P>pix(config)# ca generate rsa specialkey rsa 512</P><P>For &lt;key_modulus_size&gt; &gt;= 512, key generation could</P><P> take up to several minutes. Please wait.</P><P>pix(config)# ca identity caserver 140.188.8.13://caserver/certsrv/mscep/mscep.dll</P><P>pix(config)# ca configure caserver ca 1 20 crloptional</P><P>pix(config)# show ca mypubkey rsa</P><P>% Key pair was generated at: 13:00:09 UTC Jan 23 2003</P><P>Key name: pix.domain.net</P><P> Usage: Encryption Key</P><P> Key Data: XXXXX</P><P></P><P>pix(config)# ca authenticate caserver</P><P></P><P>pix(config)#</P><P></P><P>After issuing the above said command, i can see neithier any attributes nor any finger prints. The same thing was also implemented on a router with FW based IOS where it generated an error msg "% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0".</P><P></P><P>What shud be the problem for the above mentioned and shall be of great help in resolving the same.</P><P></P><P>Rgds,</P><P></P><P>Deepak</P><P></P> Fri, 21 Feb 2020 18:05:51 GMT https://community.cisco.com/t5/network-access-control/ca-authentication-on-pix/m-p/194303#M6273 d.majumdar 2020-02-21T18:05:51Z https://community.cisco.com/t5/network-access-control/ca-authentication-on-pix/m-p/194304#M6274 <HTML><HEAD></HEAD><BODY><P>The Windows 2000 CA server acts as an RA, not a CA, so do:</P><P></P><P>&gt; ca configure caserver ra 1 20 crloptional</P><P></P><P>Note the "ra", not "ca". See <A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/sit2site.htm#1006943" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/sit2site.htm#1006943</A></P></BODY></HTML> Tue, 28 Jan 2003 01:49:10 GMT https://community.cisco.com/t5/network-access-control/ca-authentication-on-pix/m-p/194304#M6274 gfullage 2003-01-28T01:49:10Z