06-03-2006 02:50 PM - edited 02-21-2020 12:56 AM
Hi,
I am having problems configuring CA on my PIX 515E running 6.3(5) and a restricted licence.
I am using Win 2003 for CA server. I have not had any issues configuring CA on IOS or ASA 7.1. However, no success with the 515. I am not sure what the problem is either:
a) issue with Win 2003 CA. The config guide for 6.3(5) mentions Win 2k as the compatible CA server;
b) the restricted licence (I don't think so???). Can't find anything at CCO that suggests this may be the case.
c) my config (see below)
Appreciate any suggestions.
Thanks
carlos chorao #11351.r/s
When I auth the CA I get the following:
labpix(config)# ca auth ca_1
Certificate has the following attributes:
Fingerprint: a83c33c1 9d17ccdb b71b0c4d 8a35db36
However, when I look for the public cert I get zip:
labpix(config)# ca auth ca_1
Certificate has the following attributes:
Fingerprint: a83c33c1 9d17ccdb b71b0c4d 8a35db36
labpix(config)# exit
labpix# sh ca cert
labpix#
Detailed configs are below:
labpix# sh ca mypub rsa
% Key pair was generated at: 13:16:47 nz Jun 3 2006
Key name: xxxx
Usage: General Purpose Key
Key Data:
305c300d 06092a86 4886f70d 01010105 00034b00 30480241 00d84cf1 17d63ecb
2f8dfa46 b963aa5a 50d929f4 c5ce208d 2e34c024 ac3aad53 72a2e4bf a9a16072
f9d74c26 5b70325c b10c50aa e7766add 82485e84 dff9eb31 4f020301 0001
labpix#
labpix# sh run
: Saved
..
...
ca identity ca_1 10.1.1.2:/certsrv/mscep/mscep.dll
ca configure ca_1 ca 1 10
Cisco PIX Firewall Version 6.3(5)
Cisco PIX Device Manager Version 3.0(4)
Compiled on Thu 04-Aug-05 21:40 by morlee
labpix up 2 hours 38 mins
Hardware: PIX-515E, 64 MB RAM, CPU Pentium II 433 MHz
Flash E28F128J3 @ 0x300, 16MB
BIOS Flash AM29F400B @ 0xfffd8000, 32KB
0: ethernet0: address is 0015.6398.8263, irq 10
1: ethernet1: address is 0015.6398.8264, irq 11
2: ethernet2: address is 000e.0c85.34b6, irq 11
Licensed Features:
Failover: Disabled
VPN-DES: Enabled
VPN-3DES-AES: Disabled
Maximum Physical Interfaces: 3
Maximum Interfaces: 5
Cut-through Proxy: Enabled
Guards: Enabled
URL-filtering: Enabled
Inside Hosts: Unlimited
Throughput: Unlimited
IKE peers: Unlimited
This PIX has a Restricted (R) license.
06-03-2006 09:20 PM
Found the problem.
deb crypto ca reveals the issue:
CRYPTO_PKI: Error: Invalid format for BER encoding while
CRYPTO_PKI: can not set ca cert object.
CRYPTO_PKI: status = 65535: failed to process RA certificate
Crypto CA thread sleeps!
CI thread wakes up!
The problem - I used "ca" instead of "ra" in the ca configure command.
It was
ca configure ca_1 ca 1 10
Should be
ca configure ca_1 ra 1 10
carlos chorao #11351.r/s
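A small config check based on the fix above, as an added example that is not part of the original posts: it pairs each `ca identity` line with its `ca configure` line by nickname and flags an mscep.dll enrollment URL whose mode is not `ra`, and it recognises the RA-certificate error in the debug output. The function names are hypothetical and the sample text is constructed from the lines quoted in the thread.

```python
# Added example: audit PIX 6.3 "ca" lines for the mode mismatch found in this thread.
# Sample text is constructed from the lines quoted in the posts above.
SAMPLE_RUN = """\
ca identity ca_1 10.1.1.2:/certsrv/mscep/mscep.dll
ca configure ca_1 ca 1 10
"""
SAMPLE_DEBUG = """\
CRYPTO_PKI: can not set ca cert object.
CRYPTO_PKI: status = 65535: failed to process RA certificate
"""


def audit_ca_mode(config_text):
    """Return (nickname, message) findings where an mscep.dll URL is not in ra mode."""
    script = {}  # nickname -> enrollment script path from "ca identity"
    mode = {}    # nickname -> "ca" or "ra" from "ca configure"
    for raw in config_text.splitlines():
        tok = raw.split()
        if len(tok) >= 4 and tok[:2] == ["ca", "identity"]:
            # Address and script location are joined as addr:/path
            _addr, _sep, path = tok[3].partition(":")
            script[tok[2]] = path.lower()
        elif len(tok) >= 4 and tok[:2] == ["ca", "configure"]:
            mode[tok[2]] = tok[3].lower()
    findings = []
    for nick, path in script.items():
        configured = mode.get(nick)
        # Rule taken from the thread's fix: the mscep.dll endpoint needed "ra".
        if configured and path.endswith("mscep.dll") and configured != "ra":
            findings.append((nick, "mscep.dll URL with mode '%s', expected 'ra'" % configured))
    return findings


def debug_shows_ra_failure(debug_text):
    """True if 'debug crypto ca' output contains the RA-certificate error from the thread."""
    return any("failed to process RA certificate" in line
               for line in debug_text.splitlines())


if __name__ == "__main__":
    for nick, msg in audit_ca_mode(SAMPLE_RUN):
        print("%s: %s" % (nick, msg))
    print("RA failure in debug:", debug_shows_ra_failure(SAMPLE_DEBUG))
```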