Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
717
Views
0
Helpful
0
Replies

NON-RESIDENT CERT during SCEP-forwarding configuration

TarasF
Level 1
Level 1

‎07-31-2020 04:00 AM - edited ‎07-31-2020 07:19 AM

Hi all, after the configuration moved from ASA to ASAv the certificate enrollment option in AnyConnect VPN doesn't work. I have a problem when trying to configure SCEP-forwarding in my ASAv:

 

[ERROR] scep-forwarding-url value http://hostname:port/auth/caservice/pkiclient.exe

Attempting to retrieve the CA/RA certificate(s) using the URL. Please wait ...

Received 3 CA/RA certificate(s) using the SCEP URL.

NON-RESIDENT CERT: serial: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, subject: CN=Certificate Services Endpoint RA - ise01
RESIDENT CERT: serial: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, subject: CN=Certificate Services Endpoint Sub CA - ise01
RESIDENT CERT: serial: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx, subject: CN=Certificate Services Node CA - ise01

 

WARNING: Please check if you have all the required certificate(s) in the config to authenticate the certificates that will be issued using this SCEP URL

 

I can't find appropriate Certificate Services Endpoint RA in my ISE using web-console. I've tried to export 5 CA key pairs(all in one encrypted file without extension) using CLI to my repository and wishes certificate inside the file but I can't open this file.

I just want to add one certificate to ASAv, maybe there are any ideas how to do it?

 

I use 2.6 ISE version and 9.14 ASAv version

Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents