OT:Enrolling with CA Problem from karim jamali on 2010-10-03 (Ccielab archives 10/2010)

From: karim jamali <karim.jamali_at_gmail.com>
Date: Sun, 3 Oct 2010 19:50:20 +0300

Dear Experts,

I am working on one of INE's security labs and finding one problem. I can't
seem to get a certificate from the CA. Note that I can authenticate the CA
(Get the self signed certificate by the CA) however I can't seem to get a
certificate for my router. I would appreciate any help!

crypto pki trustpoint IE1
enrollment mode ra
enrollment url http://10.0.0.100:80/certsrv/mscep/mscep.dll
revocation-check none

crypto ca authenticate IE1
crypto ca enroll IE1
%
% Start certificate enrollment ..
% Create a challenge password. You will need to verbally provide this
   password to the CA Administrator in order to revoke your certificate.
   For security reasons your password will not be saved in the
configuration.
   Please make a note of it.

Password:
Re-enter password:

% The subject name in the certificate will include: Rack1R3.INE.com
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]: no
Request certificate from CA? [yes/no]: yes
% Certificate request sent to Certificate Authority
% The 'show crypto ca certificate IE1 verbose' commandwill show the
fingerprint.

Rack1R3(config)#
Oct 4 02:47:10.544: CRYPTO_PKI: Certificate Request Fingerprint MD5:
3C3390BC 5925C2A0 1C0C91C1 F1C2C4F1
Oct 4 02:47:10.548: CRYPTO_PKI: Certificate Request Fingerprint SHA1:
8DDD24A6 2CE019B6 23E58683 E192D8DD DBB12BE5
Rack1R3(config)#^Z
Rack1R3#
Oct 4 02:47:14.679: %SYS-5-CONFIG_I: Configured from console by console

Rack1R3#show crypto ca certificates
CA Certificate
  Status: Available
  Certificate Serial Number: 0x122272C6E4466092444CBC4709E79763
  Certificate Usage: Signature
  Issuer:
    cn=sc06-aaa
    ou=CCIE
    o=INE
    l=Reno
    st=NV
    c=US
    e=support_at_ine.com
  Subject:
    cn=sc06-aaa
    ou=CCIE
    o=INE
    l=Reno
    st=NV
    c=US
    e=support_at_ine.com
  CRL Distribution Points:
    http://sc06-aaa/CertEnroll/sc06-aaa.crl
  Validity Date:
    start date: 00:18:38 UTC Jun 11 2010
    end date: 00:28:20 UTC Jun 11 2020
  Associated Trustpoints: IE

Would appreciate any help:) Thanks

-- 
KJ
Blogs and organic groups at http://www.ccie.net

Received on Sun Oct 03 2010 - 19:50:20 ART

This archive was generated by hypermail 2.2.0 : Mon Nov 01 2010 - 06:42:05 ART