Re: CA on ASA.

From: Adil Pasha <aspasha_at_gmail.com>
Date: Thu, 10 Feb 2011 17:56:26 -0500

Thanks Tyson.

I did more research today and found out that that is a bug in Pemu (GNS3) connecting to IOS CA.

What a waste of time.

Best Regards.
______________________
Adil

On Feb 9, 2011, at 9:42 PM, Tyson Scott wrote:

> Your clocks aren't synchronized.
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP
> Managing Partner / Sr. Instructor - IPexpert, Inc.
> Mailto: tscott_at_ipexpert.com
>
> -----Original Message-----
> From: Adil Pasha [mailto:aspasha_at_gmail.com]
> Sent: Wednesday, February 09, 2011 7:12 PM
> To: 'Tyson Scott'; 'Cisco certification'
> Subject: RE: CA on ASA.
>
> Guys,
> Please help me out since it's my second day working on Yusuf's Practice
> Lab-1 question 3.1 which is only 3 points and I am stuck :)
>
> I am sure most of you guys already completed these 2 labs.
>
>
> R1 is the CA server
> It is configured correctly therefore R5 receives the key from R1.
>
> IPExpert website helped me out and I found the ASA2 issue.
>
> I generated the key on ASA2 (ASA2(config)# cry key generate rsa modulus 512)
> using this command.
>
> I can pass the authentication process but when I try to enroll I get the
> following error again and again.
>
> Please let me know what I am doing wrong with ASA2 configuration. I checked
> the domain-name and it is cisco.com. Clock is not synched but I manually set
> the time and it matches R1's time.
>
> ASA2(config)#
> Certificate is not valid yet.
> The certificate enrollment request failed!
>
>
>
>
> -----Original Message-----
> From: Tyson Scott [mailto:tscott_at_ipexpert.com]
> Sent: Tuesday, February 08, 2011 10:47 PM
> To: 'Adil Pasha'; 'Cisco certification'
> Subject: RE: CA on ASA.
>
> show crypto key mypubkey rsa
>
> Did you actually create a RSA key?
>
> Regards,
>
> Tyson Scott - CCIE #13513 R&S, Security, and SP Managing Partner / Sr.
> Instructor - IPexpert, Inc.
> Mailto: tscott_at_ipexpert.com
>
>
> -----Original Message-----
> From: nobody_at_groupstudy.com [mailto:nobody_at_groupstudy.com] On Behalf Of Adil
> Pasha
> Sent: Tuesday, February 08, 2011 10:01 PM
> To: Cisco certification
> Subject: CA on ASA.
>
> Could someone please let me know why I am getting the following error
> message on ASA?
>
> ASA2(config)# cry ca authenticate cisco
>
> INFO: Certificate has the following attributes:
> Fingerprint: 1bff4d9d 3f761914 e03c8221 a16d69f6
> Do you accept this certificate? [yes/no]: yes Trustpoint CA certificate
> accepted.
> ASA2(config)# cry ca enro
> ASA2(config)# cry ca enroll cisco
> ERROR: Signature public key not found - Abort.
> <<<<<<<<<<<<<<<<<<<<<<<<<<<<<
> ASA2(config)#
>
>
> Blogs and organic groups at http://www.ccie.net
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
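
The "Certificate is not valid yet" rejection quoted above is what a client reports when its own clock is earlier than the certificate's start-of-validity time. The Python below is an added example, not part of the original thread: it compares a device clock against a validity window and shows how two devices can display the same typed time yet disagree in UTC. All times are constructed, and the UTC offsets are an assumption for illustration (the thread does not say which timezone either device used).

```python
from datetime import datetime, timedelta, timezone


def as_utc(wall_clock, utc_offset_hours):
    """Convert a manually typed wall-clock time to UTC, using the
    UTC offset configured on the device (hypothetical parameter)."""
    tz = timezone(timedelta(hours=utc_offset_hours))
    return wall_clock.replace(tzinfo=tz).astimezone(timezone.utc)


def check_validity(not_before, not_after, device_now):
    """Classify a certificate against the enrolling device's clock.
    Returns (status, distance of the device clock from the window)."""
    if device_now < not_before:
        return "not valid yet", not_before - device_now
    if device_now > not_after:
        return "expired", device_now - not_after
    return "valid", timedelta(0)


# Constructed sample: the CA issues a certificate valid for one year.
NOT_BEFORE = datetime(2011, 2, 9, 19, 10, tzinfo=timezone.utc)
NOT_AFTER = NOT_BEFORE + timedelta(days=365)

# The same digits are typed into both devices two minutes after issuance.
TYPED = datetime(2011, 2, 9, 19, 12)


def demo():
    # Assumption: the CA runs at UTC, the client has a +5 hour offset set.
    ca_now = as_utc(TYPED, 0)
    client_now = as_utc(TYPED, 5)  # really 14:12 UTC, before NOT_BEFORE
    return {
        "ca": check_validity(NOT_BEFORE, NOT_AFTER, ca_now),
        "client": check_validity(NOT_BEFORE, NOT_AFTER, client_now),
    }


if __name__ == "__main__":
    for device, (status, skew) in demo().items():
        print(f"{device}: {status} (off by {skew})")
```

Comparing both clocks in UTC, rather than as displayed, is what confirms whether the client is actually inside the validity window.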

Received on Thu Feb 10 2011 - 17:56:26 ART