cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
1419
Views
5
Helpful
3
Replies
canero
Beginner

Windows 2008 CA Certificate Authority Enrollment generic error PKCS#7 vs PKCS#10

Hello,

We are installing a Site-to-Site VPN using Certificates, and using Windows 2008 Certificate Authority for this purpose. After configuring and debugging we observe that with the debugs a PKCS#10 request is sent to the CA, and the return is PKCS#7 with errors.  What may be the cause of the problem? Does the CA need to send PKCS#10 format as well, or need some changes in the configuration. The same configuration works ok with a router as a CA,

The debug output is as follows:

Feb  9 21:00:32.502: ../cert-c/source/p7contnt.c(169) : E_DATA : generic data error *Feb  9 21:00:32.502: CRYPTO_PKI: status = 0x703(E_DATA : generic data error): pkcs7 verify data returned status *Feb  9 21:00:32.502: CRYPTO_PKI: status = 0x703(E_DATA : generic data error): failed to verify *Feb  9 21:00:32.502: CRYPTO_PKI: status = 0x703(E_DATA : generic data error): failed to process the inner content *Feb  9 21:00:32.502: %PKI-6-CERTFAIL: Certificate enrollment failed.

*Feb  9 21:00:32.502: CRYPTO_PKI: All enrollment requests completed for trustpoint TESTCAS.abc.lab.

*Feb  9 21:00:32.502: CRYPTO_PKI: All enrollment requests completed for trustpoint TESTCAS.abc.lab.

*Feb  9 21:00:32.502: CRYPTO_PKI: All enrollment requests completed for trustpoint TESTCAS.abc.lab.

*Feb  9 21:00:32.502: CRYPTO_PKI: All enrollment requests completed for trustpoint TESTCAS.abc.lab

Thanks in Advance,

Best Regards,

3 REPLIES 3
Marcin Latosiewicz
Cisco Employee

Hi,

Did you find resolution of this one?

I would be interested to see full debugs and config.

Marcin

Hello Marcin,

The solution was in fact turned out to be simple. i.e we left the IP Address of the DNS of the CA server as another IP. But in fact the CA on the Lab setup was also the Active Directory server. So after searching for 3 days the problem is resolved.

One error that we also met was that if the Memory usage for the IIS service is law, we may get similar errors. (Our Virtual Machine Memory is 1Gbyte, and the memory is 988Mbyte used). The system administrator also warned on this issue and we tried to use more memory,

Best Regards,

Cool stuff!

I gave your post full marks, hopefully next people to stumble into this will find it useful ;-)

Marcin

Content for Community-Ad