Hello,

I had a CA with a DN like "O=...,C=..." and all worked properly, but I
recently switched to a DN like "DC=...,DC=..." and now my Cisco router
does not accept my CA certificate anymore.

It fails with a strange error message:

gw# conf t
gw(config)# crypto pki trustpoint myca.os
gw(ca-trustpoint)# enrollment terminal pem
gw(ca-trustpoint)# exit
gw(config)# crypto pki authenticate myca.os

Enter the base 64 encoded CA certificate.
End with a blank line or the word "quit" on a line by itself

-----BEGIN CERTIFICATE-----
MIIFCzCCA/OgAwIBAgIJAOQTdg7HmRUOMA0GCSqGSIb3DQEBBQUAMFoxEjAQBgoJ
    [...]
2WbcWHSP/pPEMIlBnBfLg7YpmyjfLiyM+hwXY6tagUkT8RLZFaPsmEl3dONj3GI=
-----END CERTIFICATE-----
quit
% Error in saving certificate: status = FAIL

Jul 21 12:41:11: E ../cert-c/source/certobj.c(1295) : Error #72Ah
Jul 21 12:41:11: E ../cert-c/source/certobj.c(719) : Error #72Ah
Jul 21 12:41:11: CRYPTO_PKI: can not set ca cert object (0x72A)
Jul 21 12:41:11: CRYPTO_PKI: status = 65535: failed to process RA certificate


Has anybody succeeded with this? Does anyone know if Cisco routers can
handle certs with the DC style?

Thanks,

Nicolas MASSE.

