10-02-2010 12:43 PM
R4 is my CA-server ...while R5 is my ca-client...while r5 requesting certificate from R4 getting the following error:
R5(config)#crypto pki authenticate IOS-CA
% Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0
R5(config)#
.Oct 2 19:54:56.695: CRYPTO_PKI: pki request queued properly
.Oct 2 19:54:56.695: CRYPTO_PKI: Sending CA Certificate Request:
GET /cgi-bin/pkiclient.exe?operation=GetCACert&message=IOS-CA HTTP/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Cisco PKI)
Host: 22.22.22.22
.Oct 2 19:54:56.695: CRYPTO_PKI: locked trustpoint IOS-CA, refcount is 1
.Oct 2 19:54:56.695: CRYPTO_PKI: can not resolve server name/IP address
.Oct 2 19:54:56.695: CRYPTO_PKI: Using unresolved IP Address 22.22.22.22
.Oct 2 19:54:56.695: CRYPTO_PKI: socket connect error.
.Oct 2 19:54:56.695: CRYPTO_PKI: status = 0: failed to open http connection
R5(config)#
.Oct 2 19:54:56.695: CRYPTO_PKI: unlocked trustpoint IOS-CA, refcount is 0
.Oct 2 19:54:56.695: CRYPTO_PKI: status = 65535: failed to send out the pki message
.Oct 2 19:54:56.695: CRYPTO_PKI: transaction GetCACert completed
----------------------------------------------------------------
what is locked trustpoint?
I believe mine all configuration is good..How can I resolve my issue..?
Thanks,
Kiran
Solved! Go to Solution.
10-03-2010 02:05 AM
Kiran,
Debugs tell you that http connection failed.
Did you enable http server on the CA?
"show cry ca server" can you please get that for me?
Marcin
10-03-2010 02:05 AM
Kiran,
Debugs tell you that http connection failed.
Did you enable http server on the CA?
"show cry ca server" can you please get that for me?
Marcin
12-13-2012 02:45 AM
THE HTTP PORT 80 is block between ca server or client
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide