trouble requestin windows 2003 ca server public key from pix

Discussion in 'Cisco' started by Bob Smith, Dec 10, 2003.

  1. Bob Smith

    Bob Smith Guest

    My windows 2003 ca server is on the inside network. I notice from the
    examples from cisco that for windows 2000 you would use: ca identity
    nickname 192.168.12.4:/certsrv/mscep/mscep.dll. Well, I tried that and
    a bunch of other variations to no avail. On my 2003 server the
    mscep.dll does not exist nor does the mscep directory. My ca server
    appears to work fine in that I can point a local client at it and down
    load the ca public key via the browser ( server is enabled for
    web/ias/dns/certificate services ). I'm focusing on the "ca identity"
    syntax as being the problem. My guess is the reference has changed, or
    maybe 2003 ca is not supported. Can anybody shed light?
     
    Bob Smith, Dec 10, 2003
    #1
    1. Advertisements

  2. Bob Smith

    Rik Bain Guest

    FWIW, mscep.dll is available in the 2003 resource kit.
     
    Rik Bain, Dec 10, 2003
    #2
    1. Advertisements

  3. Bob Smith

    troy lebouef Guest

    Well you will find that it will not work with 2000 server. You will
    get further with 2003 when I did it it worked with no hitch. The 2000
    platform has issues with scep and cisco tech support is no help. The
    most that they do is point you to microsoft website for the update
    that is for the 2003 platform of mscep that will not work on 2000.

    I am currently working on the same thing and decided to go to 2003
    server for this project of tieing cert authentication from the routers
    for vpn authentication.

    Hope this helps.
    Troy
     
    troy lebouef, Dec 10, 2003
    #3
  4. Bob Smith

    Masud Reza Guest


    Hi:

    The name of the file is cepsetup.exe. Please note that there are two
    separate versions: one for the windows 2000 server and one for windows
    2003 server series. The 2000 Server version has (to the best of my
    knowledge) been removed from the Microsoft website. You can only get
    it on the support CDs (technet?). The 2003 version fortunately is
    available. (make sure the URL below is ALL on one line in your
    browser).

    http://www.microsoft.com/downloads/...familyid=9f306763-d036-41d8-8860-1636411b2d01

    The SCEP will not work if your CA has a non-alphanumeric character in
    the name of the CA server. This includes .-? and other characters. For
    example, if you named your CA Server VPN-CA, the scep is not going to
    work after you run the cepsetup.exe file :p.

    Make sure that you use names that have no fancy characters eg VPNCA

    Masud
     
    Masud Reza, Dec 11, 2003
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.