Thanks a lot Keith..Keith am I doing something wrong or is there anything I
should configure on the server because this is the 2nd time I try & can't
get a certificate for my router.
Thanks:)
On Sun, Oct 3, 2010 at 7:57 PM, Keith Barker <kbarker_at_ine.com> wrote:
> KJ
>
> Set up a router as a CA server and use that instead of the MS CA, and move
> on.
>
> Best wishes,
>
> Keith H. Barker, CCIE #6783
>
>
> > Dear Experts,
> >
> > I am working on one of INE's security labs and finding one problem. I
> can't
> > seem to get a certificate from the CA. Note that I can authenticate the
> CA
> > (Get the self signed certificate by the CA) however I can't seem to get a
> > certificate for my router. I would appreciate any help!
> >
> > crypto pki trustpoint IE1
> > enrollment mode ra
> > enrollment url http://10.0.0.100:80/certsrv/mscep/mscep.dll
> > revocation-check none
> >
> > crypto ca authenticate IE1
> > crypto ca enroll IE1
> > %
> > % Start certificate enrollment ..
> > % Create a challenge password. You will need to verbally provide this
> > password to the CA Administrator in order to revoke your certificate.
> > For security reasons your password will not be saved in the
> > configuration.
> > Please make a note of it.
> >
> > Password:
> > Re-enter password:
> >
> > % The subject name in the certificate will include: Rack1R3.INE.com
> > % Include the router serial number in the subject name? [yes/no]: no
> > % Include an IP address in the subject name? [no]: no
> > Request certificate from CA? [yes/no]: yes
> > % Certificate request sent to Certificate Authority
> > % The 'show crypto ca certificate IE1 verbose' commandwill show the
> > fingerprint.
> >
> > Rack1R3(config)#
> > Oct 4 02:47:10.544: CRYPTO_PKI: Certificate Request Fingerprint MD5:
> > 3C3390BC 5925C2A0 1C0C91C1 F1C2C4F1
> > Oct 4 02:47:10.548: CRYPTO_PKI: Certificate Request Fingerprint SHA1:
> > 8DDD24A6 2CE019B6 23E58683 E192D8DD DBB12BE5
> > Rack1R3(config)#^Z
> > Rack1R3#
> > Oct 4 02:47:14.679: %SYS-5-CONFIG_I: Configured from console by console
> >
> > Rack1R3#show crypto ca certificates
> > CA Certificate
> > Status: Available
> > Certificate Serial Number: 0x122272C6E4466092444CBC4709E79763
> > Certificate Usage: Signature
> > Issuer:
> > cn=sc06-aaa
> > ou=CCIE
> > o=INE
> > l=Reno
> > st=NV
> > c=US
> > e=support_at_ine.com
> > Subject:
> > cn=sc06-aaa
> > ou=CCIE
> > o=INE
> > l=Reno
> > st=NV
> > c=US
> > e=support_at_ine.com
> > CRL Distribution Points:
> > http://sc06-aaa/CertEnroll/sc06-aaa.crl
> > Validity Date:
> > start date: 00:18:38 UTC Jun 11 2010
> > end date: 00:28:20 UTC Jun 11 2020
> > Associated Trustpoints: IE
> >
> > Would appreciate any help:) Thanks
> >
> > --
> > KJ
> >
> >
> > Blogs and organic groups at http://www.ccie.net
> >
> > _______________________________________________________________________
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
> >
> >
> >
> >
> >
> >
> >
>
>
-- KJ Blogs and organic groups at http://www.ccie.netReceived on Sun Oct 03 2010 - 20:05:01 ART
This archive was generated by hypermail 2.2.0 : Mon Nov 01 2010 - 06:42:05 ART