From: Jonathan <jws...@gm...> - 2010-07-29 21:19:30
Hi all,

I am having trouble with getcacert on a Cisco ASA 55xx. Currently:

1. The SSCEP query tool at http://www.klake.org/~jt/sscep/, run from localhost, works fine. I obtain the digital certificate and certificate sign.
2. From the Apache debug, I see the request come in from the Apache log:
   192.168.1.1 - - [29/Jul/2010:16:41:04 -0400] "GET /cgi-bin/scep/pkiclient.exe?operation=GetCACert&message=CAIdentifier HTTP/1.0" 200 2068 "-" "-"
3. A packet capture from 192.168.1.2 (the CA server) reveals the ca-ra-cert is sent, to the best of my abilities of viewing.
4. I turned debugging on on the ASA 55xx router and see the request go out, but get a fail, cert length =0. extract and certs failed (1795)

According to Cisco documentation, this possibly indicates a parsing error? Is there a field in the certificate that a Cisco router will not support that OpenSSL may be including?

Any crumbs would be most appreciated.

Regards and thanks,
Jonathan