Hi ,
I am facing a particular error , in my two routers , which are configured
to enroll with the CA , which is the Win2K Advanced Server , setup with the
cepsetup .
I have got the routers enrolled with the CA server and the administrator on
WIn2K server has also issued the certificates as well .
As I give the command of
crypto ca enroll xyz.com , it asks me for the password to create after
which it gives me an error message of :
R3(config)#
Signing Certificate Reqeust Fingerprint:
9FBA1550 C448F5B0 A1073F33 BF4D4C99
Encryption Certificate Request Fingerprint:
ADACBCA0 83E0352C B7106133 F03217ED
03:52:10: %CRYPTO-6-CERTREJECT: Certificate enrollment request was rejected
by C
ertificate Authority
03:52:11: %CRYPTO-6-CERTREJECT: Certificate enrollment request was rejected
by C
ertificate Authority
what could be cause of this error , both of my routers are configurd
properly , I am pasting there confis of the router below as well , do let me
know what I should do .
thanks,
--
Navin Parwal
Director
Technosys
tel: 91-141-372400
[EMAIL PROTECTED]
********************************
R3#sh run
Building configuration...
Current configuration : 7328 bytes
!
! Last configuration change at 18:24:23 UTC Tue Apr 16 2002
! NVRAM config last updated at 18:17:07 UTC Tue Apr 16 2002
!
version 12.2
service timestamps debug uptime
service timestamps log uptime
no service password-encryption
!
hostname R3
!
!
memory-size iomem 10
ip subnet-zero
!
!
ip domain-name xyz.com
ip host server 192.168.255.2
!
ip audit notify log
ip audit po max-events 100
ip ssh time-out 120
ip ssh authentication-retries 3
!
crypto ca identity xyz.com
enrollment mode ra
enrollment url http://server:80/certsrv/mscep/mscep.dll
crl optional
crypto ca certificate chain xyz.com
certificate ra-sign 6169436B000000000007
308203CA 30820374 A0030201 02020A61 69436B00 00000000 07300D06 092A8648
86F70D01 01050500 306A3115 30130609 2A864886 F70D0109 01160670 61727761
6C310B30 09060355 04061302 494E3112 30100603 55040813 0972616A 61737468
FDBC2CAF 1625A3E4 D24F3F57 3F2C2DBD 2C9C1A5A 1123EDA1 348FECDE 54E8947D
16D77C4A FBAD
quit
!
call rsvp-sync
!
!
!
!
!
!
!
!
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
no keepalive
half-duplex
!
interface Serial0/0
ip address 172.16.1.1 255.255.255.252
no fair-queue
!
interface Serial0/1
no ip address
shutdown
!
router rip
network 172.16.0.0
network 192.168.1.0
network 192.168.2.0
network 192.168.255.0
!
ip classless
ip http server
ip pim bidir-enable
!
!
dial-peer cor custom
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
no scheduler allocate
end
R3#
R3#conf term
Enter configuration commands, one per line. End with CNTL/Z.
R3(config)#crypto ca enroll xyz.com
% Start certificate enrollment ..
% Create a challenge password. You will need to verbally provide this
password to the CA Administrator in order to revoke your certificate.
For security reasons your password will not be saved in the
configuration.
Please make a note of it.
Password:
Re-enter password:
% The subject name in the certificate will be: R3.xyz.com
% Include the router serial number in the subject name? [yes/no]: n
% Include an IP address in the subject name? [yes/no]: n
Request certificate from CA? [yes/no]: y
% Certificate request sent to Certificate Authority
% The certificate request fingerprint will be displayed.
% The 'show crypto ca certificate' command will also show the fingerprint.
R3(config)#
Signing Certificate Reqeust Fingerprint:
9FBA1550 C448F5B0 A1073F33 BF4D4C99
Encryption Certificate Request Fingerprint:
ADACBCA0 83E0352C B7106133 F03217ED
03:52:10: %CRYPTO-6-CERTREJECT: Certificate enrollment request was rejected
by C
ertificate Authority
03:52:11: %CRYPTO-6-CERTREJECT: Certificate enrollment request was rejected
by C
ertificate Authority
R3(config)#
R3(config)#
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=41602&t=41602
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
