PIX 501 get a CA from MS CA server..

rgrcommo
Level 1

Main Goal: To have a PIX 501 get a CA from MS CA server.

How does a PIX or a router get a CA from the MS certificate server? I understand the lines of code you have to type in on a PIX / router, i.e. the path to get to the CA server, but how does the CA server do this dynamically?

- I have no auth on the CA server, so from a PC on the LAN I get in w/o typing a u/n password. URL: http://192.168.0.100/certsrv/ and it brings up a web page that shows me 3 options.

My question is: how does the PIX/router know where to go from here? I cannot seem to find out how the PIX gets the CA from the server. I am missing something; I'm just not sure what at this point.

-Jeff

2 Replies

cjacinto
Cisco Employee

First, your CA server should have CEP installed; it is part of the W2K resource kit.

The router or PIX gets the root CA certificate from the server via the authenticate command (you type it from the config mode), and then it gets its identity cert by enrolling to the CA server, again from the config mode.

See the step-by-step guide on the PIX to do this at: http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_61/config/ipsecint.htm#xtocid7

See the section on: Configuring the PIX Firewall to Use Certificates

thanks!
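The exchange the reply describes, as an added example that is not part of the original thread or Cisco's code: CEP is SCEP, so the device does not browse the `/certsrv/` page; the authenticate and enroll steps become HTTP GETs to the CEP endpoint. The endpoint path (assumed to be the Microsoft add-on's default), the CA identifier and the response bytes are assumptions or constructed values.

```python
import hashlib
from urllib.parse import urlencode

# Assumption: default path of Microsoft's SCEP (CEP) add-on; the thread does not give it.
MSCEP_PATH = "/certsrv/mscep/mscep.dll"
CA_ONLY = "application/x-x509-ca-cert"       # body is one DER certificate (the CA)
CA_AND_RA = "application/x-x509-ca-ra-cert"  # body is a certs-only PKCS#7: CA + RA certs


def scep_url(ca_host, operation, message="", path=MSCEP_PATH):
    """URL of the plain-HTTP GET a SCEP client sends for one operation."""
    if operation not in ("GetCACert", "PKIOperation"):
        raise ValueError(f"not a SCEP operation handled here: {operation}")
    query = {"operation": operation}
    if message:
        query["message"] = message  # CA identifier, or base64 PKCS#7 for PKIOperation
    return f"http://{ca_host}{path}?{urlencode(query)}"


def inspect_getcacert(content_type, body):
    """Classify a GetCACert reply and fingerprint it where that is possible.

    Returns (kind, sha256_hex_or_None). GetCACert is unauthenticated HTTP, so the
    digest only means something once compared with one read on the CA itself.
    """
    media = content_type.split(";", 1)[0].strip().lower()
    if media == CA_ONLY:
        return "ca", hashlib.sha256(body).hexdigest()
    if media == CA_AND_RA:
        return "ca+ra", None  # fingerprint the CA cert after unpacking the PKCS#7
    return "not-scep", None   # e.g. text/html: this is the browser page, not the CEP DLL


if __name__ == "__main__":
    host = "192.168.0.100"  # CA address from the question
    print("authenticate ->", scep_url(host, "GetCACert", "example-ca"))
    print("enroll       ->", scep_url(host, "PKIOperation", "BASE64-PKCS7-PLACEHOLDER"))
    constructed = b"0\x82constructed-not-a-real-certificate"  # constructed sample body
    for ctype in (CA_ONLY, CA_AND_RA, "text/html; charset=utf-8"):
        print(ctype, "->", inspect_getcacert(ctype, constructed))
```

A `not-scep` result for the configured URL means the device was pointed at the web enrollment pages rather than the CEP endpoint.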
