Guys, the import worked fine. But when I connect, I get the following error in the VPN client log:

*Unable to open certificate (cn=r3,ou=king).*

Seems the VPN client doesn't like me when it comes to cert enrolling :-(

Will get back, if it works...

With regards
Kings

On Wed, Oct 6, 2010 at 8:32 PM, Kingsley Charles <[email protected]> wrote:
> Hi all
>
> I have seen many mails from people preparing for CCIE security informing that the VPN client fails to enroll giving "error 42". Whatever I do, I was getting the same issue again today.
>
> Hence I decided it's time to find a workaround.
>
> VPN client > Certificate > Enroll > File > Base 64 > Enter parameters and click on Enroll
>
> The request file will be stored in C:\Program Files\Cisco Systems\VPN Client.
>
> Open the file with notepad and copy the request which will be in base 64
>
> Go to IOS CA server and in the exec mode type "crypto pki server cisco request pkcs10 terminal" and paste the cert as following:
> If you have configured for "auto", you will be granted the cert immediately
>
> router3#crypto pki server cisco request pkcs10 terminal
> % Enter Base64 encoded or PEM formatted PKCS10 enrollment request.
> % End with a blank line or "quit" on a line by itself.
> -----BEGIN NEW CERTIFICATE REQUEST-----
> MIICYTCCAUkCAQAwHDENMAsGA1UECxMEa2luZzELMAkGA1UEAxMCcjMwggEiMA0G
> CSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDTYhxemq8MKqnYBJW2rDAjsX65rqFj
> 2MQ29MbGTmEVwKg1gK8nDcH6V/0NatnBTLOgj/zoFic0w2CfzSChBJ5vrF34M75U
> OYq02+9Q7jacYZbQljUv3Uhho+gVJiZSW9CZQjUpb9i8IxCR/MqvRp5YzEOopcX1
> Hgsz2FxGZLh2R+r2sA67ffMi4wNZ+MBZ3NW+bL+jsfcqzusgKaZxF0P3dGBruJ8V
> cG1TQvXxPKJvoI3WLFyn5ih3iFz9SUQglpvRKvRGchOy3CrQ3+V/bsGartl7annB
> cv9o2MBvcM0VL2ViKdLeUvt458YCD8hNk9z6H5ZjZ31wNw0P7oWJrRdPAgMBAAGg
> ADANBgkqhkiG9w0BAQQFAAOCAQEA0twE0sJsjsBZUHzNcVWY7/RMbpnx14dvaN6D
> gEV7w4HlMuXYO0RTNp8ZV+PQfHgv/H0+1ZmAcO054YsSXULBOW+ZyMj4/qUYlpm3
> ixvnkN9gY6R0uZNiuSHwFsA2JGZ4tgN3BIFuNdGhiG0lq4CXSh5p5GAhtSX+Y46+
> 4VpdcmzxO0lVw3YBd0Y84yQ68XXhRMGzdmMAvz3wpsJmC2spFpRpRm/1GXm/wRRa
> mzECInkmsxLww9uotYIcONgxU5jo/FOZ/o7XHCraVNCxticDFTrkPs3PP1YKcjlT
> iEk6hA+Fmr5Px966udyflYUwNyz/Ut+damOrQEdkOmtqSA4WKg==
> -----END NEW CERTIFICATE REQUEST-----
>
> % Granted certificate:
> -----BEGIN CERTIFICATE-----
> MIICZTCCAc6gAwIBAgIBAzANBgkqhkiG9w0BAQQFADANMQswCQYDVQQDEwJDQTAe
> Fw0xMDEwMDYxNDM5NDdaFw0xMTEwMDYxNDM5NDdaMBwxDTALBgNVBAsTBGtpbmcx
> CzAJBgNVBAMTAnIzMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA02Ic
> XpqvDCqp2ASVtqwwI7F+ua6hY9jENvTGxk5hFcCoNYCvJw3B+lf9DWrZwUyzoI/8
> 6BYnNMNgn80goQSeb6xd+DO+VDmKtNvvUO42nGGW0JY1L91IYaPoFSYmUlvQmUI1
> KW/YvCMQkfzKr0aeWMxDqKXF9R4LM9hcRmS4dkfq9rAOu33zIuMDWfjAWdzVvmy/
> o7H3Ks7rICmmcRdD93Rga7ifFXBtU0L18Tyib6CN1ixcp+Yod4hc/UlEIJab0Sr0
> RnITstwq0N/lf27Bmq7Ze2p5wXL/aNjAb3DNFS9lYinS3lL7eOfGAg/ITZPc+h+W
> Y2d9cDcND+6Fia0XTwIDAQABo0IwQDAfBgNVHSMEGDAWgBRzXnEYMcCNgYBcGXfB
> e2t5nKt04TAdBgNVHQ4EFgQUe30hVerDbDvhd6PhHUlXQrdRT/cwDQYJKoZIhvcN
> AQEEBQADgYEApT47F7wZEWsQM6KC+n3hGRgbNp2xN74Z4lFeLRmyZafgdtAYdwd1
> +qALSueBbmCur4U/K3gXDEQKw0fJlsCkhq8g7cVL16e7BLZS7angxctJnxgcpgtx
> uYMosB39WG92sVMAUKS6J6DRFcOAebR9Ua0+7t3TrWt0Iem0q82+2E0=
> -----END CERTIFICATE-----
>
> Copy the granted cert and paste in the notepad. Save it and rename it with .cer extension.
> Double click to view the cert and see if it is valid.
>
> Now install the cert to Microsoft cert store > personal folder by right clicking on cert file and clicking on Install.
>
> Now in the VPN client go to Certificates > Import > Import from Microsoft Store and select the cert that you installed above.
>
> It worked like a Gem.
>
> If the SCEP enrollment fails, don't panic, just use the above method, it will work like GEM :-)
>
> With regards
> Kings
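
A check for the "see if it is valid" step in the quoted procedure, as an added example that is not part of the original posts: it compares the subject and public key in the PKCS#10 request with those in the granted certificate, byte for byte. The helper names and the constructed DER skeletons (structure only, no real keys or signatures) are assumptions for illustration.

```python
import base64

def pem_to_der(pem: str) -> bytes:
    """Decode one PEM block; any BEGIN/END label and mail '> ' quoting is tolerated."""
    lines = (ln.lstrip("> ").strip() for ln in pem.splitlines())
    return base64.b64decode("".join(ln for ln in lines if ln and not ln.startswith("-----")))

def children(buf: bytes, start: int, end: int):
    """Return (tag, tlv_start, value_start, value_end) for each DER element in buf[start:end]."""
    out, off = [], start
    while off < end:
        tag, length, pos = buf[off], buf[off + 1], off + 2
        if length & 0x80:                      # long form: low 7 bits = count of length bytes
            n = length & 0x7F
            length = int.from_bytes(buf[pos:pos + n], "big")
            pos += n
        if pos + length > end:
            raise ValueError("truncated DER element")
        out.append((tag, off, pos, pos + length))
        off = pos + length
    return out

def subject_and_key(der: bytes, is_cert: bool):
    """Raw DER of (subject Name, SubjectPublicKeyInfo) from a PKCS#10 request or X.509 cert."""
    outer = children(der, 0, len(der))[0]
    body = children(der, outer[2], outer[3])[0]   # CertificationRequestInfo or TBSCertificate
    fields = children(der, body[2], body[3])
    # TBSCertificate: [0] version (optional), serial, sigAlg, issuer, validity, subject, SPKI
    # CertificationRequestInfo: version, subject, SPKI, [0] attributes
    i = (5 if fields[0][0] == 0xA0 else 4) if is_cert else 1
    return tuple(der[f[1]:f[3]] for f in fields[i:i + 2])

def cert_matches_request(csr_der: bytes, cert_der: bytes) -> bool:
    """True when the granted cert carries exactly the request's subject and public key."""
    return subject_and_key(csr_der, False) == subject_and_key(cert_der, True)

def tlv(tag: int, *parts: bytes) -> bytes:
    """Tiny DER encoder, used only to build the constructed samples below."""
    val = b"".join(parts); n = len(val)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + val

# Constructed samples: subject CN=r3, a dummy 140-byte "key", empty algorithm fields.
NAME = tlv(0x30, tlv(0x31, tlv(0x30, tlv(0x06, b"\x55\x04\x03"), tlv(0x13, b"r3"))))
KEY = tlv(0x30, tlv(0x30), tlv(0x03, b"\x00" + b"\x01" * 140))
CSR = tlv(0x30, tlv(0x30, tlv(0x02, b"\x00"), NAME, KEY, tlv(0xA0)), tlv(0x30), tlv(0x03, b"\x00"))
def make_cert(key: bytes) -> bytes:
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")), tlv(0x02, b"\x03"), tlv(0x30), tlv(0x30), tlv(0x30), NAME, key)
    return tlv(0x30, tbs, tlv(0x30), tlv(0x03, b"\x00"))
```

To run it on real files, pass each file's text through pem_to_der() and hand the two results to cert_matches_request(); a CA that re-encodes the subject would fail the byte-wise subject comparison even when the names are equivalent.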
