Re: Register a windows client on IOS CA

I like your theory Paul! :-)

I think we are pretty much on around the same wavelength there :-)

On Tue, Aug 11, 2009 at 8:00 PM, Paul Stewart <pestewart_at_gmail.com> wrote:

> Here is my theory on how that could be tested. The csr is displayed in the
> web interface so that is no problem. When the cert is issued on the router,
> it can be stored locally. They could set up a tftpd on the ACS server that
> mapped to let's say c:\tftp. From the router the cert could be copied. From
> acs, install the cert from c:\tftp\mycertname.cer. I have know idea if this
> is done, I'm just thinking it is possible. They would have to explain the
> tftpd configuration.
>
>
>
>
> On Aug 11, 2009, at 11:41 AM, Sadiq Yakasai <sadiqtanko_at_gmail.com> wrote:
>
> Thanks for the feedback Tyson. Thats a very good suggestion. But what if
>> we
>> dont have terminal access to the ACS server in the lab? All options of
>> copying files on to it are out then. I guess I could generate a
>> self-signed
>> certificate on the ACS and import that to the IOS CA, can I?
>>
>> Sadiq
>>
>> On Tue, Aug 11, 2009 at 3:41 PM, Tyson Scott <tscott_at_ipexpert.com> wrote:
>>
>> With ACS it is easy as you can create the request from the application
>>> and
>>> paste it to the router as a PKS10# certificate request. If you have
>>> setup
>>> the IOS CA to do database complete it will save the certificate to the
>>> database destination which you can then TFTP to the ACS server.
>>>
>>> For XP the question would be how they are going to allow you to create
>>> the
>>> certificate request. If IIS is installed on WinXP then that could be
>>> used
>>> to do the request. I am not sure they have that on the test. They may
>>> have
>>> the request already created for you and you have to paste it to the
>>> router
>>> and then copy the certificate chain to XP.
>>>
>>> There is no automatic way to request the certificate as the XP
>>> workstation
>>> doesn't support SCEP.
>>>
>>> Regards,
>>>
>>> Tyson Scott - CCIE #13513 R&S and Security
>>> Technical Instructor - IPexpert, Inc.
>>>
>>> Telephone: +1.810.326.1444
>>> Cell: +1.248.504.7309
>>> Fax: +1.810.454.0130
>>> Mailto: tscott_at_ipexpert.com
>>>
>>> Join our free online support and peer group communities:
>>> http://www.IPexpert.com/communities
>>>
>>> IPexpert - The Global Leader in Self-Study, Classroom-Based, Video On
>>> Demand
>>> and Audio Certification Training Tools for the Cisco CCIE R&S Lab, CCIE
>>> Security Lab, CCIE Service Provider Lab , CCIE Voice Lab and CCIE Storage
>>> Lab Certifications.
>>>
>>> -----Original Message-----
>>> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of
>>> Sadiq Yakasai
>>> Sent: Tuesday, August 11, 2009 8:01 AM
>>> To: Cisco certification; Cisco certification
>>> Subject: Register a windows client on IOS CA
>>>
>>> Hi guys,
>>>
>>> When working with IOS CA, is it possible to register a windows client
>>> with
>>> it? Does Windows XP (for example) support SCEP?? If we were to configure
>>> ACS
>>> to register with your CA, would this be possible if our CA is a IOS CA?
>>>
>>> Any document or help in regards will be much appreciated.
>>>
>>> Thanks,
>>> Sadiq
>>> --
>>> CCIE #19963
>>>
>>>
>>> Blogs and organic groups at http://www.ccie.net
>>>
>>> _______________________________________________________________________
>>>
>>
>
> Subscription information may be found at:
>>> http://www.groupstudy.com/list/CCIELab.html
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>
>> --
>> CCIE #19963
>>
>>

-- 
CCIE #19963
Blogs and organic groups at http://www.ccie.net