CA authentication on PIX

d.majumdar
Level 1

PIX 515 with VPN and DES enabled running Ver. 6.1

I have configured the PIX for CA cert server authentication using a W2K Domain Controller and was unable to authenticate the cert server through the PIX. The config was done using the following commands:

pix(config)# ca generate rsa specialkey rsa 512

For <key_modulus_size> >= 512, key generation could

take up to several minutes. Please wait.

pix(config)# ca identity caserver 140.188.8.13://caserver/certsrv/mscep/mscep.dll

pix(config)# ca configure caserver ca 1 20 crloptional

pix(config)# show ca mypubkey rsa

% Key pair was generated at: 13:00:09 UTC Jan 23 2003

Key name: pix.domain.net

Usage: Encryption Key

Key Data: XXXXX

pix(config)# ca authenticate caserver

pix(config)#

After issuing the above command, I can see neither any attributes nor any fingerprints. The same thing was also implemented on a router with FW-based IOS, where it generated the error message "% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0".

What could be the problem with the above? Any help in resolving it would be greatly appreciated.

Regards,

Deepak

1 Reply

gfullage
Cisco Employee

The Windows 2000 CA server acts as an RA, not a CA, so do:

> ca configure caserver ra 1 20 crloptional

Note the "ra", not "ca". See http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_sw/v_62/config/sit2site.htm#1006943