From: Rodrigo Paes (rpaes@pobox.com)
Date: Thu Nov 02 2006 - 16:57:45 ART
Hi all,
I'm trying to get the PIX to use a cisco IOS CA... but I'm not
having any luck here, I've set the IOS-CA following this link...
http://www.cisco.com/application/pdf/en/us/guest/netsol/ns171/c649/ccmigration_09186a008074f1fa.pdf
when I try to authenticate the CA server.
PIX(config)# ca identity ios-ca 172.16.1.50
PIX(config)# ca configure ios-ca ra 2 20 crloptional
PIX(config)#
PIX(config)# ca authen ios-ca
msgsym(GETCARACERT, CRYPTO)!
%Error in connection to Certificate Authority: status = FAIL
PIX(config)#
I tried changing the path to the auth script but it didn't work.. tried all these
ca identity ios-ca 172.16.1.50: 80
ca identity ios-ca 172.16.1.50: /cgi-bin
ca identity ios-ca 172.16.1.50: /
however when I change the enrollment mode from RA to CA ...
PIX(config)#
PIX(config)# ca identity ios-ca 172.16.1.50
PIX(config)# ca configure ios-ca ca 2 20 crloptional
PIX(config)#
PIX(config)#
PIX(config)# ca authen ios-ca
Certificate has the following attributes:
Fingerprint: e876bfbd 122d1c0e fa764a46 0a373770
PIX(config)#
PIX(config)# ca enroll ios-ca 512
%
% Start certificate enrollment ..
% The subject name in the certificate will be: PIX.lab.cisco.com
% Certificate request sent to Certificate Authority
% The certificate request fingerprint will be displayed.
PIX(config)#
PIX(config)# Fingerprint: 8d6bc9bc 7be486ea 6a740b86 8f264cdd
The certificate has been granted by CA!
PIX(config)#
PIX(config)#
I did the same thing on routers, using "enrollment mode ra" and they
worked without a glitch...
so.. any ideas ? :)
[]s
rodrigo