06-01-2005 12:07 AM
Hello,
I have a problem requesting a certificate for a Cisco IOS router from a Microsoft CA. I can obtain the CA certificate, but when I do the enroll I don't obtain the router's certificate.
With deb pki I obtain:
POD2(config)#crypto ca enroll profesor2
%
% Start certificate enrollment ..
% Create a challenge password. You will need to verbally provide this
password to the CA Administrator in order to revoke your certificate.
For security reasons your password will not be saved in the configuration.
Please make a note of it.
Password:
Re-enter password:
% The fully-qualified domain name in the certificate will be: POD2.secur.com
% The subject name in the certificate will be: POD2.secur.com
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Request certificate from CA? [yes/no]: yes
% Certificate request sent to Certificate Authority
% The certificate request fingerprint will be displayed.
% The 'show crypto ca certificate' command will also show the fingerprint.
POD2(config)#
21:39:55: CRYPTO_PKI: Sending CA Certificate Request:
GET /certsrv/mscep/mscep.dll/pkiclient.exe?operation=GetCACert&message=profesor2 HTTP/1.0
21:39:55: CRYPTO_PKI: http connection opened
21:39:56: CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Wed, 01 Jun 2005 07:52:14 GMT
Content-Length: 2525
Content-Type: application/x-x509-ca-ra-cert
Content-Type indicates we have received CA and RA certificates.
21:39:56: CRYPTO_PKI:crypto_process_ca_ra_cert(trustpoint=profesor2)
21:39:56: CRYPTO_PKI:CA and RA certs (cert data):
- Hide the output -
21:39:57: The PKCS #7 message contains 3 certificates.
21:39:57: CRYPTO_PKI: transaction PKCSReq completed
21:39:57: CRYPTO_PKI: status:
21:39:57: CRYPTO_PKI: status = 0: failed to select RA encrypt cert
21:39:57: CRYPTO_PKI: status = 65535: failed to set up peer auth context
21:39:57: CRYPTO_PKI: status = 65535: fail to send out pkcsreq
Help please.
Regards.
06-01-2005 05:31 PM
Have you defined the CA server as a CA or an RA in the IOS config? MS CAs act as RAs and so need to be defined that way in IOS. Something like (depending on your IOS version):
crypto ca identity abcd
enrollment url http://blah.com/certsrv/mscep/mscep.dll
enrollment mode ra
should do the trick.