ASA 8.4 and win 2008 ca problem

Discussion in 'Cisco' started by binelipetrov, Feb 23, 2011.

  1. binelipetrov

    Hi,

    We have a problem with authenticating to the trustpoint for the CA on a Win 2008 Enterprise machine. Enrollment URL:
    enrollment url http://CAWin2008/certsrv/mscep_admin/

    We are getting the following error:
    ERROR: receiving Certificate Authority certificate: status = FAIL, cert length = 0
    ASA(config)# Content-Type indicates we did not receive a certificate.

    after trying to authenticate.

    After checking Wireshark files on the Win2008 machine, we noticed that Win2008 is sending a specific HTTP 401 error, 'Unauthorized: Access is denied due to invalid credentials. You do not have permission to view this directory or page using the credentials that you supplied.' It is as if the CA and its IIS service are trying to authenticate the ASA, but the ASA does not send any credentials.

    Is anybody familiar with this problem and how we can solve it?

    Vladimir
     
    binelipetrov, Feb 23, 2011
    #1

  2. binelipetrov

    spop

    spop, May 28, 2011
    #2

  3. binelipetrov

    Roee Kasir

    Can not get Certificate


    Hi

    I have a similar issue getting a certificate from a Microsoft CA server on Windows 2008 Server.
    I am trying to get the certificate using a Cisco Router 3825 and receive:



    R2(config)#crypto ca authenticate dialogic-S444802-CA
    % Error in receiving Certificate Authority certificate: status = FAIL, cert length = 0
    R2(config)#
    Sep 4 13:12:50.335: CRYPTO_PKI: Sending CA Certificate Request:
    GET /certsrv/mscep/mscep.dll/pkiclient.exe?operation=GetCACert&message=dialogic-S444802-CA HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Cisco PKI)
    Host: 192.168.4.150

    Sep 4 13:12:50.335: CRYPTO_PKI: locked trustpoint dialogic-S444802-CA, refcount is 1
    Sep 4 13:12:50.335: CRYPTO_PKI: can not resolve server name/IP address
    Sep 4 13:12:50.335: CRYPTO_PKI: Using unresolved IP Address 192.168.4.150
    Sep 4 13:12:50.335: CRYPTO_PKI: http connection opened
    Sep 4 13:12:50.335: CRYPTO_PKI: Sending HTTP message
    Sep 4 13:12:50.335: CRYPTO_PKI: Reply HTTP header:
    HTTP/1.0
    User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Cisco PKI)
    Host: 192.168.4.150

    Sep 4 13:12:50.335: CRYPTO_PKI: unlocked trustpoint dialogic-S444802-CA, refcount is 0
    Sep 4 13:12:50.335: CRYPTO_PKI: locked trustpoint dialogic-S444802-CA, refcount is 1
    Sep 4 13:12:50.835: CRYPTO_PKI: unlocked trustpoint dialogic-S444802-CA, refcount is 0
    Sep 4 13:12:50.835: CRYPTO_PKI: Reply HTTP header:
    HTTP/1.1 404 Not Found
    Server: Apache-Coyote/1.1
    Content-Type: text/html;charset=utf-8
    Content-Length: 1066
    Vary: Accept-Encoding
    Date: Wed, 04 Sep 2013 10:12:57 GMT
    Connection: close
    Content-Type indicates we did not receive a certificate.
    Sep 4 13:12:50.835: CRYPTO_PKI: transaction GetCACert completed


    My router configuration for the trustpoint is:

    crypto pki trustpoint dialogic-S444802-CA
    enrollment retry count 5
    enrollment retry period 3
    enrollment url
    ip-address 192.168.4.150
    revocation-check none

    I really appreciate your assistance, and please let me know which knowledge is missing.

    Thanks
    Roee
     
    Roee Kasir, Sep 4, 2013
    #3
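
A triage helper for the replies described in posts #1 and #3, added here as an example that is not from any poster or from Cisco: it reads the HTTP reply out of CRYPTO_PKI debug text and reports why the device did not accept it as a CA certificate. The function name, the sample text (trimmed from post #3) and the expectation that a Windows CA answers as Microsoft-IIS are assumptions.

```python
import re

# Content types a successful SCEP GetCACert reply carries (RFC 8894).
SCEP_CA_TYPES = {"application/x-x509-ca-cert", "application/x-x509-ca-ra-cert"}

# Constructed sample, trimmed from the debug output quoted in post #3.
SAMPLE_DEBUG = """\
Sep 4 13:12:50.335: CRYPTO_PKI: Sending CA Certificate Request:
GET /certsrv/mscep/mscep.dll/pkiclient.exe?operation=GetCACert&message=dialogic-S444802-CA HTTP/1.0

Sep 4 13:12:50.835: CRYPTO_PKI: Reply HTTP header:
HTTP/1.1 404 Not Found
Server: Apache-Coyote/1.1
Content-Type: text/html;charset=utf-8
Content-Type indicates we did not receive a certificate.
"""

def triage_getcacert(debug_text):
    """Parse the last HTTP reply in the debug text and list why it is not a CA cert."""
    status, headers = None, {}
    for line in (l.strip() for l in debug_text.splitlines()):
        m = re.match(r"HTTP/\d\.\d (\d{3})\b", line)
        if m:  # a status line starts a new reply; request lines never match
            status, headers = int(m.group(1)), {}
        elif status is not None:
            h = re.match(r"([A-Za-z-]+):\s*(\S.*)$", line)
            if h:
                headers.setdefault(h.group(1).lower(), h.group(2))
    if status is None:
        return {"status": None, "findings": ["no HTTP status line in debug text"]}
    findings = []
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if status == 401:
        findings.append("server demands HTTP authentication on this URL")
    elif status == 404:
        findings.append("URL path does not exist on the answering server")
    elif status != 200:
        findings.append("unexpected HTTP status %d" % status)
    if ctype not in SCEP_CA_TYPES:
        findings.append("Content-Type %r is not a SCEP CA certificate type" % ctype)
    server = headers.get("server", "")
    # Assumption: a Windows CA answers with a Microsoft-IIS Server header.
    if server and "microsoft-iis" not in server.lower():
        findings.append("reply came from %r, not Microsoft-IIS" % server)
    return {"status": status, "content_type": ctype, "server": server, "findings": findings}

if __name__ == "__main__":
    print("\n".join(triage_getcacert(SAMPLE_DEBUG)["findings"]))
```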