Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2060
Views
5
Helpful
3
Replies

HTTP Error 403 - Forbidden on Cisco ISE and SCEP RA

jay.kishan
Level 1
Level 1

‎02-26-2014 05:08 AM - edited ‎03-10-2019 09:27 PM

Dear Experts,

We are in process of deploying ISE 1.2 in our environment for BYOD.

The initial step of this process is to configure ISE as an SCEP Proxy and it requires certain configuration on the local CA. We have done all the required configurations on the local CA server.

Now, when we try to connect ISE with the local CA using SCEP RA Profiles, it gives "HTTP Error 403 - Forbidden". The URL we are using is http://ipaddress/certsrv/mscep/mscep.dll.

It seems that the local CA is not letting the ISE access the mscep.dll file. Now I dont understand how to allow ISE to access this file or the url. Please advise if there is any step by step process guide. Although, I have followed the ones from Cisco but it doesn't state how to give ISE the required rights for accessing mscep.dll.

Thanks in advance.

Jay

Labels:
0 Helpful
3 Replies 3

Charlie Moreton
Cisco Employee
Cisco Employee

‎02-26-2014 05:30 AM

Jay,

You should use this URL:

https://ipaddress/certsrv/mscep

If you try to get the cert from an http address, you will get an error.  You should be using https.  Also, the mscep.dll should not be part of the URL.

SCEP1.GIF

You can test this connectivity from any browser by putting that URL in the sddress bar.  You should see a page similar to this:

SCEP2.GIF

Please Rate Helpful posts and mark this question as answered if, in fact, this does answer your question.  Otherwise, feel free to post follow-up questions.

Charles Moreton

jay.kishan
Level 1
Level 1
In response to Charlie Moreton

‎02-26-2014 05:42 AM

Charles,

Thanks for your reply.

However, if I use https://ipaddress/certsrv/mscep then I get this error.

SCEP Error.png

Also, If I type this on the URL using https then I get 500 - Internal Server Error. And If I do it using http then I get 403 - Forbidden Access is denied.

0 Helpful

Charlie Moreton
Cisco Employee
Cisco Employee
In response to jay.kishan

‎02-26-2014 06:26 AM

Jay,

You may want to check the NDES settings on the CA Server.

0 Helpful
Customers Also Viewed These Support Documents