Buy or Renew
Buy or Renew
Meraki Community is live! Welcome Meraki Members! Learn more here.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1282
Views
0
Helpful
1
Replies

asa ca enrollment

dogany
Community Member

‎04-19-2007 12:27 AM - edited ‎03-11-2019 03:01 AM

I want to authenticate my ipsec vpn client by using certificate. I am using asa5540 as ipsec vpn server. The first step I should do is create an trustpoint and authenticate it to ca. the trustpoint name is knasaca

when I execute the command

crypto ca authenticate knasaca

I have encountered the debug output below

crypto_ca_get_ca_certificate(17793220, 169d0a0)

crypto_pki_req(17793220, 11, ...)

Crypto CA thread wakes up!

CRYPTO_PKI: Sending CA Certificate Request:

GET /cgi-bin/pkiclient.exe?operation=GetCACert&message=knasaca HTTP/1.0

CRYPTO_PKI: http connection opened

CRYPTO_PKI: content dump count 75----------

CRYPTO_PKI: For function crypto_http_send

GET /cgi-bin/pkiclient.exe?operation=GetCACert&message=knasaca HTTP/1.0

CRYPTO_PKI: For function crypto_http_send

CRYPTO_PKI: content dump-------------------

ERROR: receiving Certificate Authority certificate: status = FAIL, cert length = 0

asavpn(config)#

CRYPTO_PKI: HTTP response header:

HTTP/1.1 404 Object Not Found

Server: Microsoft-IIS/5.0

Date: Thu, 19 Apr 2007 08:14:03 GMT

Content-Length: 4040

Content-Type: text/html

Content-Type indicates we did not receive a certificate.

CRYPTO_PKI: transaction GetCACert completedCrypto CA thread sleeps!

what can be the problem.

is there anyone who can send me the prosedure to accomplish fully ca configuration.

thanks in advance

Dogan

Labels:
0 Helpful
1 Reply 1

gmarogi
Level 9
Level 9

‎04-27-2007 04:59 AM

This chapter describes how to configure certificates. CAs are responsible for managing certificate requests and issuing digital certificates. A digital certificate contains information that identifies a user or device. Some of this information can include a name, serial number, company, department, or IP address. A digital certificate also contains a copy of the public key for the user or device. A CA can be a trusted third party, such as VeriSign, or a private (in-house) CA that you establish within your organization.

http://www.cisco.com/univercd/cc/td/doc/product/multisec/asa_sw/v_70/config/certs.htm

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card