02-26-2014 05:08 AM - edited 03-10-2019 09:27 PM
Dear Experts,
We are in process of deploying ISE 1.2 in our environment for BYOD.
The initial step of this process is to configure ISE as an SCEP Proxy and it requires certain configuration on the local CA. We have done all the required configurations on the local CA server.
Now, when we try to connect ISE with the local CA using SCEP RA Profiles, it gives "HTTP Error 403 - Forbidden". The URL we are using is http://ipaddress/certsrv/mscep/mscep.dll.
It seems that the local CA is not letting the ISE access the mscep.dll file. Now I dont understand how to allow ISE to access this file or the url. Please advise if there is any step by step process guide. Although, I have followed the ones from Cisco but it doesn't state how to give ISE the required rights for accessing mscep.dll.
Thanks in advance.
Jay
02-26-2014 05:30 AM
Jay,
You should use this URL:
https://ipaddress/certsrv/mscep
If you try to get the cert from an http address, you will get an error. You should be using https. Also, the mscep.dll should not be part of the URL.
You can test this connectivity from any browser by putting that URL in the sddress bar. You should see a page similar to this:
Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question. Otherwise, feel free to post follow-up questions.
Charles Moreton
02-26-2014 05:42 AM
Charles,
Thanks for your reply.
However, if I use https://ipaddress/certsrv/mscep then I get this error.
Also, If I type this on the URL using https then I get 500 - Internal Server Error. And If I do it using http then I get 403 - Forbidden Access is denied.
02-26-2014 06:26 AM
Jay,
You may want to check the NDES settings on the CA Server.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide