Hi together, after I got SCEP successfuly working with the sscep client, I now wanted to configure my cisco routers to get their certificates from my OpenCA installation. But already when I try to get my CA certificate, it fails with the following error on my router:
Router(config)#crypto ca authenticate OpenCA 00:03:40: CRYPTO_PKI: Sending CA Certificate Request: GET /cgi-bin/openca/scep/scep/pkiclient.exe?operation=GetCACert&message=OpenCA H TTP/1.0 00:03:40: CRYPTO_PKI: can not resolve server name/IP address 00:03:40: CRYPTO_PKI: Using unresolved IP Address 192.168.1.201 % Error in receiving Certificate Authority certificate: status = FAIL, cert leng th = 0 Router(config)# 00:03:42: CRYPTO_PKI: http connection opened 00:03:43: CRYPTO_PKI: HTTP response header: HTTP/1.1 200 OK Date: Mon, 23 Oct 2006 09:56:31 GMT Server: Apache/2.0.53 (Linux/SUSE) Set-Cookie: CGISESSID=bb9e766287d5d0ad4cf7d1f2d0886c76; path=/ Content-Length: 2697 Connection: close Content-Type: application/x-x509-ca-ra-cert Content-Type indicates we have received CA and RA certificates. 00:03:43: CRYPTO_PKI:crypto_process_ca_ra_cert(trustpoint=OpenCA) 00:03:43: crypto_certc_pkcs7_extract_certs_and_crls failed (1795): 00:03:43: crypto_certc_pkcs7_extract_certs_and_crls failed 00:03:43: CRYPTO_PKI:crypto_pkcs7_extract_ca_cert returned 1795 00:03:43: CRYPTO_PKI: Unable to read CA/RA certificates. 00:03:43: %CRYPTO-3-GETCARACERT: Failed to receive RA/CA certificates. 00:03:43: CRYPTO_PKI: transaction GetCACert completed My configuration on the cisco router (ok, not enough for requesting certificates, but for downloading the ca cert it should be enough): crypto ca trustpoint OpenCA enrollment mode ra enrollment url http://192.168.1.201:80/cgi-bin/openca/scep/scep My IOS-Version and hardware is: Cisco 3620 with c3620-ik9o3s6-mz.123-20.bin I read through some older threads already mentioning this problem but I could not find any hint what is wrong here. Perhaps someone of you can help me. Kind regards, Matthias ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
