https://community.cisco.com/t5/network-security/asa-ca-enrollment/m-p/764250#M1006840 <P>I want to authenticate my ipsec vpn client by using certificate. I am using asa5540 as ipsec vpn server. The first step I should do is create an trustpoint and authenticate it to ca. the trustpoint name is knasaca</P><P></P><P>when I execute the command</P><P></P><P>crypto ca authenticate knasaca</P><P></P><P>I have encountered the debug output below</P><P>crypto_ca_get_ca_certificate(17793220, 169d0a0)</P><P>crypto_pki_req(17793220, 11, ...)</P><P>Crypto CA thread wakes up!</P><P></P><P>CRYPTO_PKI: Sending CA Certificate Request: </P><P>GET /cgi-bin/pkiclient.exe?operation=GetCACert&amp;message=knasaca HTTP/1.0</P><P></P><P>CRYPTO_PKI: http connection opened</P><P>CRYPTO_PKI: content dump count 75----------</P><P>CRYPTO_PKI: For function crypto_http_send</P><P>GET /cgi-bin/pkiclient.exe?operation=GetCACert&amp;message=knasaca HTTP/1.0</P><P></P><P>CRYPTO_PKI: For function crypto_http_send</P><P>CRYPTO_PKI: content dump-------------------</P><P></P><P>ERROR: receiving Certificate Authority certificate: status = FAIL, cert length = 0</P><P>asavpn(config)# </P><P>CRYPTO_PKI: HTTP response header:</P><P> HTTP/1.1 404 Object Not Found</P><P>Server: Microsoft-IIS/5.0</P><P>Date: Thu, 19 Apr 2007 08:14:03 GMT</P><P>Content-Length: 4040</P><P>Content-Type: text/html</P><P></P><P>Content-Type indicates we did not receive a certificate.</P><P></P><P>CRYPTO_PKI: transaction GetCACert completedCrypto CA thread sleeps!</P><P></P><P></P><P>what can be the problem.</P><P>is there anyone who can send me the prosedure to accomplish fully ca configuration.</P><P></P><P>thanks in advance</P><P>Dogan</P><P></P> Mon, 11 Mar 2019 10:01:43 GMT dogany 2019-03-11T10:01:43Z https://community.cisco.com/t5/network-security/asa-ca-enrollment/m-p/764250#M1006840 <P>I want to authenticate my ipsec vpn client by using certificate. I am using asa5540 as ipsec vpn server. The first step I should do is create an trustpoint and authenticate it to ca. the trustpoint name is knasaca</P><P></P><P>when I execute the command</P><P></P><P>crypto ca authenticate knasaca</P><P></P><P>I have encountered the debug output below</P><P>crypto_ca_get_ca_certificate(17793220, 169d0a0)</P><P>crypto_pki_req(17793220, 11, ...)</P><P>Crypto CA thread wakes up!</P><P></P><P>CRYPTO_PKI: Sending CA Certificate Request: </P><P>GET /cgi-bin/pkiclient.exe?operation=GetCACert&amp;message=knasaca HTTP/1.0</P><P></P><P>CRYPTO_PKI: http connection opened</P><P>CRYPTO_PKI: content dump count 75----------</P><P>CRYPTO_PKI: For function crypto_http_send</P><P>GET /cgi-bin/pkiclient.exe?operation=GetCACert&amp;message=knasaca HTTP/1.0</P><P></P><P>CRYPTO_PKI: For function crypto_http_send</P><P>CRYPTO_PKI: content dump-------------------</P><P></P><P>ERROR: receiving Certificate Authority certificate: status = FAIL, cert length = 0</P><P>asavpn(config)# </P><P>CRYPTO_PKI: HTTP response header:</P><P> HTTP/1.1 404 Object Not Found</P><P>Server: Microsoft-IIS/5.0</P><P>Date: Thu, 19 Apr 2007 08:14:03 GMT</P><P>Content-Length: 4040</P><P>Content-Type: text/html</P><P></P><P>Content-Type indicates we did not receive a certificate.</P><P></P><P>CRYPTO_PKI: transaction GetCACert completedCrypto CA thread sleeps!</P><P></P><P></P><P>what can be the problem.</P><P>is there anyone who can send me the prosedure to accomplish fully ca configuration.</P><P></P><P>thanks in advance</P><P>Dogan</P><P></P> Mon, 11 Mar 2019 10:01:43 GMT https://community.cisco.com/t5/network-security/asa-ca-enrollment/m-p/764250#M1006840 dogany 2019-03-11T10:01:43Z https://community.cisco.com/t5/network-security/asa-ca-enrollment/m-p/764251#M1006842 <HTML><HEAD></HEAD><BODY><P>This chapter describes how to configure certificates. CAs are responsible for managing certificate requests and issuing digital certificates. A digital certificate contains information that identifies a user or device. Some of this information can include a name, serial number, company, department, or IP address. A digital certificate also contains a copy of the public key for the user or device. A CA can be a trusted third party, such as VeriSign, or a private (in-house) CA that you establish within your organization. </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/certs.htm" target="_blank">http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/certs.htm</A></P></BODY></HTML> Fri, 27 Apr 2007 11:59:33 GMT https://community.cisco.com/t5/network-security/asa-ca-enrollment/m-p/764251#M1006842 gmarogi 2007-04-27T11:59:33Z