Re: OT:Enrolling with CA Problem

From: Keith Barker <kbarker_at_ine.com>
Date: Sun, 3 Oct 2010 09:57:05 -0700

KJ

Set up a router as a CA server and use that instead of the MS CA, and move on.

Best wishes,

Keith H. Barker, CCIE #6783

> Dear Experts,
>
> I am working on one of INE's security labs and finding one problem. I can't
> seem to get a certificate from the CA. Note that I can authenticate the CA
> (get the self-signed certificate by the CA); however, I can't seem to get a
> certificate for my router. I would appreciate any help!
>
> crypto pki trustpoint IE1
>  enrollment mode ra
>  enrollment url http://10.0.0.100:80/certsrv/mscep/mscep.dll
>  revocation-check none
>
> crypto ca authenticate IE1
> crypto ca enroll IE1
> %
> % Start certificate enrollment ..
> % Create a challenge password. You will need to verbally provide this
> password to the CA Administrator in order to revoke your certificate.
> For security reasons your password will not be saved in the
> configuration.
> Please make a note of it.
>
> Password:
> Re-enter password:
>
> % The subject name in the certificate will include: Rack1R3.INE.com
> % Include the router serial number in the subject name? [yes/no]: no
> % Include an IP address in the subject name? [no]: no
> Request certificate from CA? [yes/no]: yes
> % Certificate request sent to Certificate Authority
> % The 'show crypto ca certificate IE1 verbose' commandwill show the
> fingerprint.
>
> Rack1R3(config)#
> Oct 4 02:47:10.544: CRYPTO_PKI: Certificate Request Fingerprint MD5:
> 3C3390BC 5925C2A0 1C0C91C1 F1C2C4F1
> Oct 4 02:47:10.548: CRYPTO_PKI: Certificate Request Fingerprint SHA1:
> 8DDD24A6 2CE019B6 23E58683 E192D8DD DBB12BE5
> Rack1R3(config)#^Z
> Rack1R3#
> Oct 4 02:47:14.679: %SYS-5-CONFIG_I: Configured from console by console
>
> Rack1R3#show crypto ca certificates
> CA Certificate
> Status: Available
> Certificate Serial Number: 0x122272C6E4466092444CBC4709E79763
> Certificate Usage: Signature
> Issuer:
> cn=sc06-aaa
> ou=CCIE
> o=INE
> l=Reno
> st=NV
> c=US
> e=support_at_ine.com
> Subject:
> cn=sc06-aaa
> ou=CCIE
> o=INE
> l=Reno
> st=NV
> c=US
> e=support_at_ine.com
> CRL Distribution Points:
> http://sc06-aaa/CertEnroll/sc06-aaa.crl
> Validity Date:
> start date: 00:18:38 UTC Jun 11 2010
> end date: 00:28:20 UTC Jun 11 2020
> Associated Trustpoints: IE
>
> Would appreciate any help :) Thanks
>
> --
> KJ
>
>
> Blogs and organic groups at http://www.ccie.net

Received on Sun Oct 03 2010 - 09:57:05 ART
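
An added example, not part of the original thread: a small Python check that reads `show crypto ca certificates` output, as pasted in the quoted message, and reports for a given trustpoint whether only the CA certificate is present or a router identity certificate was also issued. The function names and state labels are hypothetical, and the `Status: Pending` block is constructed sample input assumed to follow the same field layout as the posted CA block.

```python
import re

# CA block copied from the quoted output in the thread (fields trimmed).
POSTED = """\
CA Certificate
 Status: Available
 Certificate Serial Number: 0x122272C6E4466092444CBC4709E79763
 Certificate Usage: Signature
 Associated Trustpoints: IE
"""
# Constructed sample: an identity-certificate block still awaiting the CA.
CONSTRUCTED_PENDING = POSTED + """\
Certificate
 Status: Pending
 Associated Trustpoints: IE
"""

HEADERS = ("CA Certificate", "Certificate")

def parse_blocks(text):
    """Return one dict per certificate block: kind, status, trustpoints."""
    blocks = []
    for raw in text.splitlines():
        line = raw.lstrip("> \t").rstrip()  # tolerate mail-quoted paste
        if line in HEADERS:
            blocks.append({"kind": line, "status": None, "trustpoints": []})
        elif blocks:
            m = re.match(r"(Status|Associated Trustpoints):\s*(.*)", line)
            if m and m.group(1) == "Status":
                blocks[-1]["status"] = m.group(2).strip()
            elif m:
                blocks[-1]["trustpoints"] = m.group(2).split()
    return blocks

def enrollment_state(text, trustpoint):
    """Classify how far a trustpoint got: CA authenticated, pending, enrolled."""
    mine = [b for b in parse_blocks(text) if trustpoint in b["trustpoints"]]
    has_ca = any(b["kind"] == "CA Certificate" and b["status"] == "Available"
                 for b in mine)
    ident = [b["status"] for b in mine if b["kind"] == "Certificate"]
    if not has_ca:
        return "ca-not-authenticated"
    if not ident:
        return "authenticated-no-identity-cert"
    if "Available" in ident:
        return "enrolled"
    return "enrollment-" + (ident[0] or "unknown").lower()

if __name__ == "__main__":
    for name in ("IE", "IE1"):  # both trustpoint names that appear in the post
        print(name, enrollment_state(POSTED, name))
```

The check is keyed on the trustpoint name, so run it with the name from the `crypto pki trustpoint` line and compare against the `Associated Trustpoints` field in the output.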