Re: Register a windows client on IOS CA

Here is my theory on how that could be tested. The csr is displayed in
the web interface so that is no problem. When the cert is issued on
the router, it can be stored locally. They could set up a tftpd on the
ACS server that mapped to let's say c:\tftp. From the router the cert
could be copied. From acs, install the cert from c:\tftp
\mycertname.cer. I have know idea if this is done, I'm just thinking
it is possible. They would have to explain the tftpd configuration.

On Aug 11, 2009, at 11:41 AM, Sadiq Yakasai <sadiqtanko_at_gmail.com>
wrote:

> Thanks for the feedback Tyson. Thats a very good suggestion. But
> what if we
> dont have terminal access to the ACS server in the lab? All options of
> copying files on to it are out then. I guess I could generate a self-
> signed
> certificate on the ACS and import that to the IOS CA, can I?
>
> Sadiq
>
> On Tue, Aug 11, 2009 at 3:41 PM, Tyson Scott <tscott_at_ipexpert.com>
> wrote:
>
>> With ACS it is easy as you can create the request from the
>> application and
>> paste it to the router as a PKS10# certificate request. If you
>> have setup
>> the IOS CA to do database complete it will save the certificate to
>> the
>> database destination which you can then TFTP to the ACS server.
>>
>> For XP the question would be how they are going to allow you to
>> create the
>> certificate request. If IIS is installed on WinXP then that could
>> be used
>> to do the request. I am not sure they have that on the test. They
>> may
>> have
>> the request already created for you and you have to paste it to the
>> router
>> and then copy the certificate chain to XP.
>>
>> There is no automatic way to request the certificate as the XP
>> workstation
>> doesn't support SCEP.
>>
>> Regards,
>>
>> Tyson Scott - CCIE #13513 R&S and Security
>> Technical Instructor - IPexpert, Inc.
>>
>> Telephone: +1.810.326.1444
>> Cell: +1.248.504.7309
>> Fax: +1.810.454.0130
>> Mailto: tscott_at_ipexpert.com
>>
>> Join our free online support and peer group communities:
>> http://www.IPexpert.com/communities
>>
>> IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On
>> Demand
>> and Audio Certification Training Tools for the Cisco CCIE R&S Lab,
>> CCIE
>> Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE
>> Storage
>> Lab Certifications.
>>
>> -----Original Message-----
>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On
>> Behalf Of
>> Sadiq Yakasai
>> Sent: Tuesday, August 11, 2009 8:01 AM
>> To: Cisco certification; Cisco certification
>> Subject: Register a windows client on IOS CA
>>
>> Hi guys,
>>
>> When working with IOS CA, is it possible to register a windows
>> client with
>> it? Does Windows XP (for example) support SCEP?? If we were to
>> configure
>> ACS
>> to register with your CA, would this be possible if our CA is a IOS
>> CA?
>>
>> Any document or help in regards will be much appreciated.
>>
>> Thanks,
>> Sadiq
>> --
>> CCIE #19963
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
 

>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>>
>>
>>
>>
>>
>>
>>
>>
>>
>
>
> --
> CCIE #19963

Blogs and organic groups at http://www.ccie.net
Received on Tue Aug 11 2009 - 15:00:54 ART