https://community.cisco.com/t5/network-security/pix-certificate-issue/m-p/199875#M605467 <HTML><HEAD></HEAD><BODY><P>Hi Scott,</P><P></P><P>I've been wrangling with the MS CRLs too. Once I've cleaned up the URLs in the CDP attribute of the root CA cert, what else should I be aware of? I don't have an LDAP ip assigned in the ca identity line.</P><P></P><P>Do you have a successful formula or checklist for this config? I want to be able to reproduce this setup a number of times and want to make sure all the gotchas are taken care of in the documentation. Then I will post the result on the cisco site via one of their techs so that others don't go through as much pain as we have....</P><P></P><P>Thanks</P><P>Philip</P></BODY></HTML> Mon, 05 Jan 2004 16:23:38 GMT p-cousins 2004-01-05T16:23:38Z https://community.cisco.com/t5/network-security/pix-certificate-issue/m-p/199871#M605463 <P>I'm trying to connect a PIX FW and a VPN 3015 with the use of certificates.</P><P></P><P>I followed the instructions found in TAC, but at a given moment there's a command that configures your CA server to get the certificates, and it's here that it goes wrong.</P><P></P><P>--&gt; ca identity abcd 10.1.0.2:/certsrv/mscep/mscep.dll &lt;--</P><P></P><P>The given path and dll are not found on my W2 CA server: mscep/mscep.dll !</P><P></P><P>Any idea what went wrong or do I need to point to another file on our W2K CA server ?</P><P></P> Fri, 21 Feb 2020 06:46:08 GMT https://community.cisco.com/t5/network-security/pix-certificate-issue/m-p/199871#M605463 SDWorx_2 2020-02-21T06:46:08Z https://community.cisco.com/t5/network-security/pix-certificate-issue/m-p/199872#M605464 <HTML><HEAD></HEAD><BODY><P>You have to install an addon application on your Micarosoft CA server. I believe it is called MS-SCEP. You can look at Microsoft's site for that</P><P>Jazib</P></BODY></HTML> Wed, 28 May 2003 11:44:57 GMT https://community.cisco.com/t5/network-security/pix-certificate-issue/m-p/199872#M605464 jfrahim 2003-05-28T11:44:57Z https://community.cisco.com/t5/network-security/pix-certificate-issue/m-p/199873#M605465 <HTML><HEAD></HEAD><BODY><P>Let me know if you dont find it. I remember it took a bit of looking on MS's site to get it. </P><P></P><P>If you plan to Revoke your Certs, There are some issue in getting the CRL to work properly. </P><P></P><P>You need to have the 6.3 (1) code and you need to leave off the LDAP address on the ca identity command.</P><P></P><P>I've spent months with Cisco trying to get revoked Certs to work properly. Let me know if you need some assistance.</P><P></P><P>Scott&lt;-</P></BODY></HTML> Wed, 04 Jun 2003 18:10:56 GMT https://community.cisco.com/t5/network-security/pix-certificate-issue/m-p/199873#M605465 stownsend 2003-06-04T18:10:56Z https://community.cisco.com/t5/network-security/pix-certificate-issue/m-p/199874#M605466 <HTML><HEAD></HEAD><BODY><P>You have to install mscep utility (cepsetup.exe), you can find it on Microsoft Add-On CD. This utility install RA on CA, after that you can make enrollment.</P></BODY></HTML> Fri, 27 Jun 2003 08:30:38 GMT https://community.cisco.com/t5/network-security/pix-certificate-issue/m-p/199874#M605466 JAKUB CHYTRACEK 2003-06-27T08:30:38Z https://community.cisco.com/t5/network-security/pix-certificate-issue/m-p/199875#M605467 <HTML><HEAD></HEAD><BODY><P>Hi Scott,</P><P></P><P>I've been wrangling with the MS CRLs too. Once I've cleaned up the URLs in the CDP attribute of the root CA cert, what else should I be aware of? I don't have an LDAP ip assigned in the ca identity line.</P><P></P><P>Do you have a successful formula or checklist for this config? I want to be able to reproduce this setup a number of times and want to make sure all the gotchas are taken care of in the documentation. Then I will post the result on the cisco site via one of their techs so that others don't go through as much pain as we have....</P><P></P><P>Thanks</P><P>Philip</P></BODY></HTML> Mon, 05 Jan 2004 16:23:38 GMT https://community.cisco.com/t5/network-security/pix-certificate-issue/m-p/199875#M605467 p-cousins 2004-01-05T16:23:38Z