From: George He (georgeh@adstream.com.au)
Date: Wed Jun 30 2004 - 04:37:07 GMT-3
Hello all,
I followed Cisco and Microsoft's doc and setup CA on windows 2000. PIX
(6.3)
I configured hostname, domain and time is correct.
debug crypto ca
ca identity test 192.168.1.1:/certsrv/mscep/mscep.dll
ca configure test ra 1 20 crloptional
ca authen test
ca en test password
I saw the enrollment pending on the CA server. So I issued the
certification. But PIX could not get it and didn't show any errors. (I
tried to enroll again with wrong password and got "reject" information)
I saw the output bellow.
CI thread wakes up!
CRYPTO_PKI: transaction PKCSReq completed
CRYPTO_PKI: status:
Crypto CA thread sleeps!
CRYPTO_PKI: http connection opened
CRYPTO_PKI: received msg of 760 bytes
CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while
selecting CRL
CRYPTO_PKI: signed attr: pki-message-type:
13 01 33
CRYPTO_PKI: signed attr: pki-status:
13 01 33
CRYPTO_PKI: signed attr: pki-recipient-nonce:
04 10 14 d9 bd 90 3a d7 a6 7b f1 a8 1c bb ff 09 10 75
CRYPTO_PKI: signed attr: pki-transaction-id:
13 20 64 35 37 65 33 38 61 38 65 65 65 61 33 31 32 36 34 31
34 37 36 66 66 33 66 65 65 38 63 31 31 63
CRYPTO_PKI: status = 102: certificate request pending
CRYPTO_PKI: http connection opened
Insert Selfsigned Certificate:
30 82 03 71 30 82 02 59 02 20 64 35 37 65 33 38 61 38 65 65
65 61 33 31 32 36 34 31 34 37 36 66 66 33 66 65 65 38 63 31
31 63 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 6f 31
6d 30 0f 06 03 55 04 05 13 08 33 30 31 65 34 34 63 34 30 29
06 03 55 04 03 13 22 55 4b 4c 4f 4e 31 50 46 57 30 31 2e 53
79 64 6e 65 79 2e 61 64 73 74 72 65 61 6d 2e 63 6f 6d 2e 61
Any idea?
Thanks
George
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:53 GMT-3