Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
951
Views
0
Helpful
1
Replies

vpn using digital certificates from microsoft CA ... any ideas

dean_holroyd
Level 1
Level 1

‎09-09-2003 05:30 AM - edited ‎02-21-2020 12:45 PM

Alright

I have been trying to set up a vpn using digital certificates to authenticate the devices (PIX). I am using microsoft certificate services with the mscep.dll add on. When I try to enroll a certificate I get this :

pix1(config)# ca generate rsa key 512

Keypair generation process begin.

.Success.

pix1(config)# ca identity CA 10.0.0.20:/certsrv/mscep/mscep.dll

pix1(config)# ca configure CA ra 1 20 crloptional

pix1(config)# ca authenticate CA

Certificate has the following attributes:

Fingerprint: 1c93454b 263051d8 b4fd283f 6e3044ac

pix1(config)# ca enroll CA cisco

%

% Start certificate enrollment ..

% The subject name in the certificate will be: pix1.companyname.com

% Certificate request sent to Certificate Authority

% The certificate request fingerprint will be displayed.

pix1(config)# Fingerprint: 4595bd93 396f425c 03a68138 7a6b4c23

The certificate enrollment request was denied by CA!

Any ideas why this does not work. There is no security that stops access to the CA.

Cheers

Dean

Labels:
0 Helpful
1 Reply 1

dean_holroyd
Level 1
Level 1

‎09-09-2003 07:07 AM

no replies ...... oh well !

I have solved the problem myself. If anybody has the same problem I got round it be unchecking the automatic enrollment option during cepsetup. I can now enroll certificates, but I have to issue them manually from certserv's pending folder.

cheers

0 Helpful
Customers Also Viewed These Support Documents