Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
322
Views
0
Helpful
2
Replies

Problems configuring CA in PIX 7.1(1)

netmgt
Level 1
Level 1

‎06-13-2006 07:34 AM

Hi:

I been trying to configure a PIX with version 7.1(1) to use a Windows Server 2003 Enterprise Root CA without success. This is error I get every time I try to authenticate:

ERROR: receiving Certificate Authority certificate: status = FAIL, cert length = 0

This is the CA config in the PIX:

crypto ca trustpoint main

crl optional

enrollment retry count 20

enrollment url http://10.X.x.X:80/certsrv/mscep/mscep.dll

crl configure

I don't know if I have to do some type of configuration in the CA itself to support the PIX or if the problem is in the PIX config. Any help will be appreciate.

Labels:
0 Helpful
2 Replies 2

a-vazquez
Level 6
Level 6

‎06-19-2006 01:50 PM

Check your date and time on the PIX and on the CA Server. Make sure they are in sync. If they are not, then there can be problems with getting the certificate from the CA.

0 Helpful

aaronr
Level 1
Level 1

‎06-22-2006 08:02 AM

Did you setup a challenge password when configuring SCEP on your CA? If you did, browse to the CA SCEP web address via HTTP, authenticate yourself, then use the temporary key it provides as the revocation key that the PIX will ask for when enrolling.

0 Helpful
Customers Also Viewed These Support Documents