I have configured a SCEP server and downloaded and imported the certificate:
crypto pki trustpoint XXXXX
enrollment mode ra
enrollment url http://xxxxxxxxxxxxxx:80/x/x/x/x.dll
rsakeypair (same as trustpoint name)
I authenticated the trustpoint and enrolled and imported a certificate.
I have a certificate chain.
I have configured the following for the http server:
ip http secure-client-auth
ip http secure-trustpoint XXXXX
ip http secure-peer-verify-trustpoint XXXXXXX
If I have this and leave the self signed certs in place it still passes the self signed cert, asked for the client cert, and then the web page spins forever or times out.
If I delete the self signed certs via deleting the SLA-Trustpoint and the TP-self-signed, the browser returns an unsupported protocol or cipher error. I have left the default TLS, including 1.1 and 1.2 (which both browsers I have tried are set to) and the ciphersuite to the default.
Any ideas where I'm going wrong?