Re: [OSL | CCIE_Security] IOS CA SSL certificate issue

Wed, 14 Oct 2009 22:08:03 -0700 

Sorry guys will post the correct config soon


Regards
imran

On Thu, Oct 15, 2009 at 12:43 AM, imran mohammed <[email protected]>wrote:

> Hi All,
>
>
> I have configured IOS CA which issues certs to ASA.Iam able to install
> certificates in ASA.These certs are for the SSL vpn.
> Now when I access SSL vpn I get the certificate error so I have installed
> the the certificate in to trusted root CA.But when I
> access again I get the same error moreover I dont see my domain in the
> trusted root CA though I get import successfull message.
> Iam doing this lab in emulation software.Iam not sure where is the issue.It
> works well with mozilla.Issue is in IE7.
>
> Here is my config
>
>
> dns server-group DefaultDNS
>  domain-name INE.com
>
> http server enable
> http 10.1.1.0 255.255.255.0 inside
> no snmp-server location
> no snmp-server contact
>
> crypto ca trustpoint MYTUST
>  enrollment url http://20.1.1.3:80
>  fqdn FW0.INE.com
>  subject-name CN=FW0.INE.com
>  serial-number
>  crl configure
> crypto ca certificate chain MYTUST
>
>
> !
> !
> !
> webvpn
>  port 8080
>  enable outside
>
> ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
>
> FW0# sh crypto ca certificates
> Certificate
>   Status: Available
>   Certificate Serial Number: 02
>   Certificate Usage: General Purpose
>   Public Key Type: RSA (1024 bits)
>   Issuer Name:
>     cn=IOSCA
>     ou=security
>     o=NORTEL
>   Subject Name:
>     serialNumber=123456789AB
>     hostname=FW0.INE.com
>     cn=FW0.INE.com
>   Validity Date:
>     start date: 00:58:34 UTC Mar 1 2002
>     end   date: 00:58:34 UTC Mar 1 2003
>   Associated Trustpoints: MYTUST
>
> CA Certificate
>   Status: Available
>   Certificate Serial Number: 01
>   Certificate Usage: Signature
>   Public Key Type: RSA (1024 bits)
>   Issuer Name:
>     cn=IOSCA
>     ou=security
>     o=NORTEL
>   Subject Name:
>     cn=IOSCA
>     ou=security
>     o=NORTEL
>   Validity Date:
>     start date: 00:50:23 UTC Mar 1 2002
>     end   date: 00:50:23 UTC Feb 28 2005
>   Associated Trustpoints: MYTUST
>
> +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
> IOS CA
>
> crypto pki server IOSCA
>  database url flash:
>  issuer-name cn=IOSCA,ou=security,o=NORTEL
>  grant auto
> !
> crypto pki trustpoint IOSCA
>  revocation-check crl
>  rsakeypair IOSCA
>
>
> Regards
> Imran
>
>
>

_______________________________________________
For more information regarding industry leading CCIE Lab training, please visit 
www.ipexpert.com

Reply via email to