
CA Server rejected ID Cert request
I am having an issue with one of my ASA5510s in the rack (the other ASA seems to be getting the cert just fine). When I try to register my identity cert via SCEP, the ASA comes back with an error message that the request was denied, and no certificate shows in the list. BUT!!! When I go to the certificate server I see the certificate for this device under the Issued Certificates?!?!?
Any idea why this is happening?
Also, in the lab, when you browse to the URL http://IPADDRESS/certsrv/mscep/mscep.dll I am not getting the one-time password I expect. I am only seeing the thumbprint and the help link on the page.
I am still in the lab at this moment, any help would be greatly appreciated.
Regards,
Alex
Comments
If the cert was issued and denied by the ASA, then mostly it is a time sync issue. The ASA's time is not within the validity period of the cert issued.
With regards
Kings
Kingsley,
Thank you very much for the response. I did forget to set the clock on my ASA =(
How about the issue when I browse to the SCEP in Internet Explorer and it doesn't give the one-time password? Is that just turned off?
Thanks,
Alex
Did you try enrolling the cert using a blank key? I am not sure whether that can be turned off.
With regards
Kings