02-15-2009 12:03 PM
Hi
I configured a digital certificate on a router using a CA server for authentication.
Here is the policy configuration:
crypto ca trustpoint branch-Cert
 enrollment mode ra
 enrollment url http://192.168.1.1:80/certsrv/mscep/mscep.dll
 usage ike
 serial-number
 crl optional
So what I need to do now is to configure auto-enrollment.
I did my research and found that the only missing command is the auto-enroll [percent] [regenerate].
The issue is that the first time I did the "cr ca enroll ..." I had to enter a password that was generated from the CA server, and it worked properly, but it was done manually.
But when the certificate expires and the automatic enrollment takes place, will a new password be required?
And if yes, how will it be entered automatically?
Regards,
02-16-2009 07:10 AM
Typically the password that the CA gives you is dynamic and has a lifetime of, I believe, around 5 minutes. In this case you would need to enter the password manually once the router is about to re-enroll itself with the CA. In the case where the CA generates a password which never changes, I believe you have the option on the trustpoint to define the password you would like to use.
02-16-2009 10:35 AM
Hi again
The password generated by the CA server is exactly as you said; its lifetime is 5 minutes.
So how can I make the router auto-enroll without any manual intervention?
Can we change the settings in the CA server password generation so it would never change?
02-16-2009 10:40 AM
That I am not sure about. I know you can change it to avoid using a password, but I am not sure if it will keep the same password over and over. At this point I believe your options are either to enter the password every time (not automatic) or to disable the password on the CA (enrollment automatic).
02-17-2009 02:10 PM
Hi
Do you know how to disable the password on the CA (enrollment automatic)?
Regards
02-17-2009 02:20 PM
You need to access your MS CA certificates console via Administrative Tools > CA. In there, you need to right-click your CA certificate and select Properties. From here I am not quite sure exactly where you will go, but there is an option for disabling the pass phrase. If this is not like that, then you need to reinstall your CA.