In PKI, how do I revoke a client's certificate? I know I can do
crypto pki server NAME revoke 1
but how do I know the serial number if I don't have access to the device with the certificate I want to revoke? Let's say the device is stolen and I don't want a...
Hello. I've got a topology with several links from different ISPs going into a switch (Catalyst 2950) and then through a trunk (each ISP in its own VLAN) into a router (Cisco 2821). What settings should I apply for switch WAN ports to block unnecessary traff...
Can anyone help me understand one thing about AAA authorization on Cisco IOS? Here is a config fragment:
aaa authorization config-commands
aaa authorization exec default group tacacs+ local
aaa authorization commands 1 default group tacacs+
aa...
I've finally got the exact steps for my error to appear. All configs are the same. So I'm creating a PKI server and a trustpoint on the client. Then I authenticate and enroll. At this moment I can see the client's request on the server:
#crypto pki server MAIN-CA ...
Nope. That wasn't the cause. Now it works in both variants - with "crypto pki" and "crypto ca". Don't know why. It... just started to work. I did the same steps and got HTTP 200 OK. So... I'll post if I find out something new.
Ok, found it. Kind of a typo. Don't remember where I got it, but this part of the client's config is wrong:
crypto ca trustpoint CLIENT-CA
enrollment url http://198.0.0.1:8080
revocation-check none
rsakeypair CLIENT-CA
crypto ca authenticate CLIENT-CA
cry...