06-13-2006 07:34 AM
Hi:
I been trying to configure a PIX with version 7.1(1) to use a Windows Server 2003 Enterprise Root CA without success. This is error I get every time I try to authenticate:
ERROR: receiving Certificate Authority certificate: status = FAIL, cert length = 0
This is the CA config in the PIX:
crypto ca trustpoint main
crl optional
enrollment retry count 20
enrollment url http://10.X.x.X:80/certsrv/mscep/mscep.dll
crl configure
I don't know if I have to do some type of configuration in the CA itself to support the PIX or if the problem is in the PIX config. Any help will be appreciate.
06-19-2006 01:50 PM
Check your date and time on the PIX and on the CA Server. Make sure they are in sync. If they are not, then there can be problems with getting the certificate from the CA.
06-22-2006 08:02 AM
Did you setup a challenge password when configuring SCEP on your CA? If you did, browse to the CA SCEP web address via HTTP, authenticate yourself, then use the temporary key it provides as the revocation key that the PIX will ask for when enrolling.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide