Hi All,

I have configured an IOS CA which issues certs to the ASA. I am able to install
certificates in the ASA. These certs are for the SSL VPN.
Now when I access the SSL VPN I get the certificate error, so I have installed
the certificate into the trusted root CA. But when I
access it again I get the same error; moreover, I don't see my domain in the
trusted root CA, though I get the import successful message.
I am doing this lab in emulation software. I am not sure where the issue is. It
works well with Mozilla. The issue is in IE7.

Here is my config


dns server-group DefaultDNS
 domain-name INE.com

http server enable
http 10.1.1.0 255.255.255.0 inside
no snmp-server location
no snmp-server contact

crypto ca trustpoint MYTUST
 enrollment url http://20.1.1.3:80
 fqdn FW0.INE.com
 subject-name CN=FW0.INE.com
 serial-number
 crl configure
crypto ca certificate chain MYTUST


!
!
!
webvpn
 port 8080
 enable outside

++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

FW0# sh crypto ca certificates
Certificate
  Status: Available
  Certificate Serial Number: 02
  Certificate Usage: General Purpose
  Public Key Type: RSA (1024 bits)
  Issuer Name:
    cn=IOSCA
    ou=security
    o=NORTEL
  Subject Name:
    serialNumber=123456789AB
    hostname=FW0.INE.com
    cn=FW0.INE.com
  Validity Date:
    start date: 00:58:34 UTC Mar 1 2002
    end   date: 00:58:34 UTC Mar 1 2003
  Associated Trustpoints: MYTUST

CA Certificate
  Status: Available
  Certificate Serial Number: 01
  Certificate Usage: Signature
  Public Key Type: RSA (1024 bits)
  Issuer Name:
    cn=IOSCA
    ou=security
    o=NORTEL
  Subject Name:
    cn=IOSCA
    ou=security
    o=NORTEL
  Validity Date:
    start date: 00:50:23 UTC Mar 1 2002
    end   date: 00:50:23 UTC Feb 28 2005
  Associated Trustpoints: MYTUST

+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
IOS CA

crypto pki server IOSCA
 database url flash:
 issuer-name cn=IOSCA,ou=security,o=NORTEL
 grant auto
!
crypto pki trustpoint IOSCA
 revocation-check crl
 rsakeypair IOSCA


Regards
Imran