RE: CA on ASA. from Adil Pasha on 2011-02-09 (Ccielab archives 02/2011)

From: Adil Pasha <aspasha_at_gmail.com>
Date: Wed, 9 Feb 2011 19:12:10 -0500

Guys,
Please help me out since it's my second day working on Yusuf's Practice
Lab-1 question 3.1 which is only 3 points and I am stuck :)

I am sure most of you guys already completed these 2 labs.

R1 is the CA server
It is configured correct therefore R5 receives the key from R1.

IPExpert website helped me out and I found the ASA2 issue.

I generated the key on ASA2 (ASA2(config)# cry key generate rsa modulus 512)
using this command.

I can pass the authentication process but when I try to enroll I get the
following error again and again.

Please let me know what am I doing wrong with ASA2 configuration. I checked
the domain-name and it is cisco.com. Clock is not synched but I manually set
the time and it matches R1's time.

ASA2(config)#
Certificate is not valid yet.
The certificate enrollment request failed!

----------------------------------------------------------------------------
----------------------------------------------------------------------------
---------------

-----Original Message-----
From: Tyson Scott [mailto:tscott_at_ipexpert.com]
Sent: Tuesday, February 08, 2011 10:47 PM
To: 'Adil Pasha'; 'Cisco certification'
Subject: RE: CA on ASA.

show crypto key mypubkey rsa

Did you actually create a RSA key?

Regards,

Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr.
Instructor - IPexpert, Inc.
Mailto: tscott_at_ipexpert.com

-----Original Message-----
From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Adil
Pasha
Sent: Tuesday, February 08, 2011 10:01 PM
To: Cisco certification
Subject: CA on ASA.

Could someone please let me know why am I getting the following error
message on ASA?

ASA2(config)# cry ca authenticate cisco

INFO: Certificate has the following attributes:
Fingerprint: 1bff4d9d 3f761914 e03c8221 a16d69f6
Do you accept this certificate? [yes/no]: yes Trustpoint CA certificate
accepted.
ASA2(config)# cry ca enro
ASA2(config)# cry ca enroll cisco
ERROR: Signature public key not found - Abort.
<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
ASA2(config)#

Blogs and organic groups at http://www.ccie.net
Received on Wed Feb 09 2011 - 19:12:10 ART

This archive was generated by hypermail 2.2.0 : Tue Mar 01 2011 - 07:01:50 ART