Ok, so with all the 'gurus' out here, there must be someone that has done this before. I've gone through all the documentation I can find on Microsoft's web site and Cisco's web site looking for information on setting up a CA on Windows 2000 and having a Cisco router use SCEP to register for a certificate. I've loaded the SCEP plug in, upgraded the version to the most recent on the Windows box, but I'm still haveing troubles with registration. Using IOS 12.1(9)e on a 7206VXR and/or 12.2(4)YB on a 1760. After setting the hostname, domain name and creating the RSA keys on the router I do the following (config)#crypto ca identity YourCA (ca-identity)#enrollment url http://IP.ADD.RES.S:80/certsrv/mscep/mscep.dll (ca-identity)#enrollment mode ra (ca-identity)#query url ldap://IP.ADD.RES.S Then authenticate... all is well (config)#crypto ca authenticate YourCA I get the fingerprint, accept the cert. Then enrolling: (config)#crypto ca enroll YourCA Starts the enrollment, provide the challenge password for revocation purposesaccept the defaults for the certificate name, ect Fingerprint comes up like it should... then BAM! %CRYPTO-6-CERTREJECT message The microsoft cert server is set up as a stand alone root CA, and the web enrollment for certificates is working just fine(user type certs). Ideas? Thoughts? Thanks! Bill
Message Posted at: http://www.groupstudy.com/form/read.php?f=7&i=43277&t=43277 -------------------------------------------------- FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]