Hi all! I'm trying to use OpenCA with Cisco equipment. I've deployed the canonical 3-server scheme (CA, RA, pub/SCEP). It seems to be working correctly with my Mozilla browser (I've requested and got my browser certificate).
Then I configured a CA trustpoint on my Cisco device (1605 router with IOS 12.2(15)T9):
---------------------
crypto ca trustpoint RTS
enrollment retry count 30
enrollment mode ra
enrollment url http://pub.ca.rtsnet.ru:80/cgi-bin/scep/scep
usage ike
password ...
subject-name CN=ats-1605-1.rtsnet.ru, O=RTS Stock Exchange, C=RU
rsakeypair RTS-PKI
---------------------
And now, when I'm trying to get the router's own certificate, this error occurs:
---------------------
ats-1605-1(config)#crypto ca enroll RTS
%
% Start certificate enrollment ..
% The subject name in the certificate will be: CN=ats-1605-1.rtsnet.ru, O=RTS Stock Exchange, C=RU
% The fully-qualified domain name in the certificate will be: ats-1605-1.rtsnet.ru
% The subject name in the certificate will be: ats-1605-1.rtsnet.ru
% Include the router serial number in the subject name? [yes/no]: no
% Include an IP address in the subject name? [no]:
Request certificate from CA? [yes/no]: yes
% Certificate request sent to Certificate Authority
% The certificate request fingerprint will be displayed.
% The 'show crypto ca certificate' command will also show the fingerprint.
ats-1605-1(config)#
Jul 20 11:59:18.523 MSD: CRYPTO_PKI: Sending CA Certificate Request:
GET /cgi-bin/scep/scep/pkiclient.exe?operation=GetCACert&message=RTS HTTP/1.0
Jul 20 11:59:18.602 MSD: CRYPTO_PKI: http connection opened
Jul 20 11:59:19.027 MSD: CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Date: Tue, 20 Jul 2004 07:59:18 GMT
Server: Apache/1.3.26 (Unix) Debian GNU/Linux
Set-Cookie: CGISESSID=9e0cabba62f9556d0f67345fd2c624ad; path=/
Connection: close
Content-Type: application/x-x509-ca-ra-cert
Content-Type indicates we have received CA and RA certificates.
Jul 20 11:59:19.035 MSD: CRYPTO_PKI:crypto_process_ca_ra_cert(trustpoint=RTS)
Jul 20 11:59:20.296 MSD: The PKCS #7 message contains 2 certificates.
Jul 20 11:59:20.582 MSD: CRYPTO_PKI:crypto_pkcs7_insert_ra_certs found RA certs
Jul 20 11:59:20.642 MSD: CRYPTO_PKI: transaction PKCSReq completed
Jul 20 11:59:20.642 MSD: CRYPTO_PKI: status:
Jul 20 11:59:41.288 MSD: CRYPTO_PKI: http connection opened
Jul 20 11:59:44.510 MSD: CRYPTO_PKI: received msg of 2395 bytes
Jul 20 11:59:44.514 MSD: CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Date: Tue, 20 Jul 2004 07:59:43 GMT
Server: Apache/1.3.26 (Unix) Debian GNU/Linux
Set-Cookie: CGISESSID=42392e4d2471cae6247c22caff85f123; path=/
Connection: close
Content-Type: x-pki-message
. . .
Jul 20 12:07:11.666 MSD: The PKCS #7 message has 1 verified signers.
Jul 20 12:07:11.670 MSD: signing cert: [EMAIL PROTECTED],cn=RTS Private CA,o=RTS Stock Exchange,c=RU6
Jul 20 12:07:11.674 MSD: Signed Attributes:
Jul 20 12:07:11.686 MSD: CRYPTO_PKI: status = 102: certificate request pending
Jul 20 12:07:11 MSD: %SYS-3-CPUHOG: Task ran for 5044 msec (20/14), process = Crypto PKI RECV , PC = 2C3F0F2.
-Traceback= 216404A 2C3F0FA
Jul 20 12:07:21.979 MSD: CRYPTO_PKI: All sockets are closed for trustpoint RTS.
Jul 20 12:07:31.903 MSD: CRYPTO_PKI: All sockets are closed for trustpoint RTS.
Jul 20 12:07:41.827 MSD: CRYPTO_PKI: All sockets are closed for trustpoint RTS.
Jul 20 12:07:51.747 MSD: CRYPTO_PKI: All sockets are closed for trustpoint RTS.
Jul 20 12:08:01.668 MSD: CRYPTO_PKI: All sockets are closed for trustpoint RTS.
Jul 20 12:08:11.211 MSD: CRYPTO_PKI: resend GetCertInitial, 7
Jul 20 12:08:11.215 MSD: CRYPTO_PKI: All sockets are closed for trustpoint RTS.
Jul 20 12:08:11.215 MSD: CRYPTO_PKI: resend GetCertInitial for session: 0
Jul 20 12:08:11.271 MSD: CRYPTO_PKI: http connection opened
Jul 20 12:08:13.782 MSD: CRYPTO_PKI: received msg of 215 bytes
Jul 20 12:08:13.786 MSD: CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Date: Tue, 20 Jul 2004 08:08:13 GMT
Server: Apache/1.3.26 (Unix) Debian GNU/Linux
Set-Cookie: CGISESSID=ac2e7d46038b948b4292a9455c2f7896; path=/
Connection: close
Content-Type: x-pki-message
Jul 20 12:08:15.048 MSD: pkcs7 verify data returned status 0x707
Jul 20 12:08:15.100 MSD: CRYPTO_PKI: status = 1799: failed to verify
Jul 20 12:08:15 MSD: %CRYPTO-6-CERTFAIL: Certificate enrollment failed.
Jul 20 12:08:15.108 MSD: CRYPTO_PKI: All enrollment requests completed for trustpoint RTS.
Jul 20 12:08:15.112 MSD: CRYPTO_PKI: All enrollment requests completed for trustpoint RTS.
Jul 20 12:08:15.179 MSD: CRYPTO_PKI: All enrollment requests completed for trustpoint RTS.
-- Konstantin Khrooschev. RTS Stock Exchange. Network Department.
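
Added example, not part of the original message: a small Python parser for the debug output above. It collects the SCEP status lines, decodes the hexadecimal pkcs7 verify status so it can be matched against the decimal failure code, and compares each router timestamp with the server's `Date` header to measure clock skew. It assumes MSD is UTC+4; the function name `analyse` is chosen here.

```python
import re
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Excerpt of the debug output quoted in the message above.
LOG = """\
Jul 20 11:59:19.027 MSD: CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Date: Tue, 20 Jul 2004 07:59:18 GMT
Jul 20 12:07:11.686 MSD: CRYPTO_PKI: status = 102: certificate request pending
Jul 20 12:08:13.786 MSD: CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Date: Tue, 20 Jul 2004 08:08:13 GMT
Jul 20 12:08:15.048 MSD: pkcs7 verify data returned status 0x707
Jul 20 12:08:15.100 MSD: CRYPTO_PKI: status = 1799: failed to verify
"""

MSD = timezone(timedelta(hours=4))  # assumption: Moscow Daylight Time, UTC+4
STAMP = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d(?:\.\d+)?) MSD: (.*)$")
STATUS = re.compile(r"status = (\d+): (.+)$")
VERIFY = re.compile(r"pkcs7 verify data returned status (0x[0-9a-fA-F]+)")

def analyse(text):
    """Return (statuses, pkcs7 verify codes, router-minus-server skews in s)."""
    statuses, verify_codes, skews = [], [], []
    header_stamp = None  # router time of the last "HTTP response header:" line
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            stamp, msg = m.groups()
            header_stamp = stamp if msg.endswith("HTTP response header:") else None
            if (s := STATUS.search(msg)):
                statuses.append((int(s.group(1)), s.group(2)))
            if (v := VERIFY.search(msg)):
                verify_codes.append(int(v.group(1), 16))  # 0x707 -> 1799
        elif line.startswith("Date: ") and header_stamp:
            server = parsedate_to_datetime(line[6:])
            # IOS omits the year; borrow it from the server's Date header.
            router = datetime.strptime(f"{server.year} {header_stamp}",
                                       "%Y %b %d %H:%M:%S.%f").replace(tzinfo=MSD)
            skews.append(round((router - server).total_seconds(), 3))
            header_stamp = None
    return statuses, verify_codes, skews

if __name__ == "__main__":
    for part in analyse(LOG):
        print(part)
```

On this excerpt the router and the web server agree to within about a second, and the pkcs7 verify status 0x707 is the same value as the final status 1799.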
