Pix 506 with Microsoft Enterprise CA

jzonts · ‎10-11-2001

I can not seem to receive a Certificate from an Enterprise CA from MS. If a standalone CA is used, I can issue the Certificate. Is it possible for the PIX 506 to receive a certificate from an enterprise CA, and if so, How?

smalkeric · ‎10-16-2001

I think MS certs are supported in 6.x. What version are you running?

m-reza · ‎11-09-2001

In a default configuration, the Win2k CA does NOT support the CEP protocol that Cisco gear uses. Also, service pack 1 (at least) is REQUIRED. Follow these steps:

1. Install Win2k. Un-install IIS.

2. Apply Service Pack 1.

3. Install IIS again... AFTER you have installed SP1.

4. Download CEP add-on for the Certificate Server from the following URL:

http://corporate.windowsupdate.microsoft.com/en/default.asp

5. The file to be downloaded is :

cepsetup.exe

6. Run this file.

I've set it up this way and it works fine :-)

If you need more help, you can contact me via email.

Masud

g.raymakers · ‎02-15-2002

Is there a way to extend the validity of teh certificate when using a standard MS CA server with the SCEP module ?

In teh default config the RA (SCEP) has a validity o 1 year and the issued cert's as well. This should be much longer as we don't want to issue cert's each year....

Thanks,

Guy

jfrahim · ‎02-19-2002

you have to disable authentication in the IIS server itself so that it does not prompt for a username/password. This only happens on the enterprise CA server