
Getting OU info in a router certificate

g.raymakers
Level 1

I'm running an IPSec tunnel between 2 routers. ISAKMP authentication is based upon certs. The certs are created using SCEP to a Microsoft CA server. The tunnel is working fine, except that it gets error messages like "%CRYPTO-6-IKMP_UNITY_BUT_NO_OU_IN_CERT: Cert presented by peer 62.154.251.250 contains no OU field. Unable to obtain group identity.". I've checked and indeed there's no 'Organisation Unit' present in the cert. How do I get the OU or O field information in the cert?

Thanks,

Guy

1 Reply

paqiu
Level 1

The Organisation Unit field is also called the "department" field.

When you are installing your Microsoft CA server, you need to fill out all the blanks. One of those blanks is "department", and you need to fill that out as well.

For example "sydneyvpn", then the OU will be "sydneyvpn".

You need to reinstall the Microsoft CA server to refill all the blanks.

Otherwise, for all the routers and PIX using SCEP to enroll, there is no way to get an OU field. (Because you cannot specify the OU during the enrollment.)

For VPN client 3.x and VPN 3000, we can fill out a form to enroll with the Microsoft CA server, and we can manually put a department or OU name there.

So for VPN client 3.x and VPN 3000, we do not have this problem.
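
To find which peer certificates would trigger the message quoted in the question, the sketch below parses subject strings in RFC 4514 form (`CN=...,OU=...,O=...`) and lists the ones with no OU attribute. It is an added example, not part of the original thread; the function names and sample subjects are constructed for illustration, and only backslash-escaped characters are handled, not hex-pair escapes.

```python
import re

def split_unescaped(text, sep):
    """Split on sep, ignoring separators that are backslash-escaped or quoted."""
    parts, buf, in_quotes, i = [], [], False, 0
    while i < len(text):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text):
            buf.append(text[i:i + 2])       # keep the escape pair intact
            i += 2
            continue
        if ch == '"':
            in_quotes = not in_quotes
        if ch == sep and not in_quotes:
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    parts.append("".join(buf))
    return parts

def parse_subject(dn):
    """Return {attribute type: [values]}; assumes backslash escapes only."""
    attrs = {}
    for rdn in split_unescaped(dn, ","):
        for ava in split_unescaped(rdn, "+"):   # multi-valued RDN
            if "=" not in ava:
                continue
            key, value = ava.split("=", 1)
            value = re.sub(r"\\(.)", r"\1", value.strip().strip('"'))
            attrs.setdefault(key.strip().upper(), []).append(value)
    return attrs

def group_identity(dn):
    """Return the first OU value, or None when the subject has no OU."""
    return (parse_subject(dn).get("OU") or [None])[0]

def missing_ou(subjects):
    """Names of certificates whose subject carries no OU attribute."""
    return [name for name, dn in subjects.items() if group_identity(dn) is None]

# Constructed sample subjects, not taken from the certificates in this thread.
SAMPLES = {
    "router-a": "CN=router-a.example.com,OU=sydneyvpn,O=Example",
    "router-b": "CN=router-b.example.com,O=Example\\, Inc.",
    "router-c": "CN=router-c.example.com+OU=sydneyvpn,O=Example",
    "router-d": "CN=router-d\\,OU=sydneyvpn,O=Example",  # "OU=" is inside the CN value
}
```

`missing_ou(SAMPLES)` reports `router-b` and `router-d`; the latter shows why a plain substring search for `OU=` is not a reliable check.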