2003 Enterprise CA, MSCEP - 0 length cert message on cisco 837 rou

TheMSsForum.com: The Microsoft Software Forum

Hello Everyone,

I'm trying to use MSCEP on a 2003 Enterprise CA to request a certificate for
Cisco 837 router. When I run the cisco command "crypto ca authenticate
TRS-AD-CA" the router comes back with a message "% Error in receiving
Certificate Authority certificate: status = , cert length = 0" which
indicates that my 2003 CA is not sending anything back for the request.

I can successfully request a certifcate from this router when I connect to a
2000 Standalone CA but my new 2003 Enterprise CA is not working correctly. I
initially had problems with the 2003 Cert Server installation as IIS was
already installed on the server before DCPROMO was run however I followed the
Microsoft Knowledge base article (332097) and corrected the security
permisions. When I install MSCEP I can see that the CA issues an "Exchange
Certificate" and "CEP certificate" but there is still something wrong when
trying to get the router to request a cert.

I think the CA is okay as I can request other Certs from a web browser etc.
and I see my AD Domain servers have automatically requested and received
certificates however my MSCEP is failing.

Does anyone have any ideas where to look to resolve this problem as I can't
find any similar problems on the internet.


Thanks in advance,

Peter Arians.
Top

Re: 2003 Enterprise CA, MSCEP - 0 length cert message on cisco 837 rou by S

S
Sat Apr 30 23:55:34 CDT 2005

Just worked for me on Friday with Windows 2000 Enterprise CA and Nokia VPN.
I would be looking at alternative way of delivering the CA certificate to
the router.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-


"Peter Arians" <PeterArians@discussions.microsoft.com> wrote in message
news:99296050-B156-4AA7-806E-A7C8C16F2362@microsoft.com...
> Hello Everyone,
>
> I'm trying to use MSCEP on a 2003 Enterprise CA to request a certificate
for
> Cisco 837 router. When I run the cisco command "crypto ca authenticate
> TRS-AD-CA" the router comes back with a message "% Error in receiving
> Certificate Authority certificate: status = , cert length = 0" which
> indicates that my 2003 CA is not sending anything back for the request.
>
> I can successfully request a certifcate from this router when I connect to
a
> 2000 Standalone CA but my new 2003 Enterprise CA is not working correctly.
I
> initially had problems with the 2003 Cert Server installation as IIS was
> already installed on the server before DCPROMO was run however I followed
the
> Microsoft Knowledge base article (332097) and corrected the security
> permisions. When I install MSCEP I can see that the CA issues an "Exchange
> Certificate" and "CEP certificate" but there is still something wrong when
> trying to get the router to request a cert.
>
> I think the CA is okay as I can request other Certs from a web browser
etc.
> and I see my AD Domain servers have automatically requested and received
> certificates however my MSCEP is failing.
>
> Does anyone have any ideas where to look to resolve this problem as I
can't
> find any similar problems on the internet.
>
>
> Thanks in advance,
>
> Peter Arians.


Top

RE: 2003 Enterprise CA, MSCEP - 0 length cert message on cisco 837 rou by LevenMorton

LevenMorton
Wed May 04 11:31:03 CDT 2005

I need to place the MSCEP interface on a server in a DMZ that does not host
2003Enterprise CA. Do you have any suggestions??


"Peter Arians" wrote:

> Hello Everyone,
>
> I'm trying to use MSCEP on a 2003 Enterprise CA to request a certificate for
> Cisco 837 router. When I run the cisco command "crypto ca authenticate
> TRS-AD-CA" the router comes back with a message "% Error in receiving
> Certificate Authority certificate: status = , cert length = 0" which
> indicates that my 2003 CA is not sending anything back for the request.
>
> I can successfully request a certifcate from this router when I connect to a
> 2000 Standalone CA but my new 2003 Enterprise CA is not working correctly. I
> initially had problems with the 2003 Cert Server installation as IIS was
> already installed on the server before DCPROMO was run however I followed the
> Microsoft Knowledge base article (332097) and corrected the security
> permisions. When I install MSCEP I can see that the CA issues an "Exchange
> Certificate" and "CEP certificate" but there is still something wrong when
> trying to get the router to request a cert.
>
> I think the CA is okay as I can request other Certs from a web browser etc.
> and I see my AD Domain servers have automatically requested and received
> certificates however my MSCEP is failing.
>
> Does anyone have any ideas where to look to resolve this problem as I can't
> find any similar problems on the internet.
>
>
> Thanks in advance,
>
> Peter Arians.
Top

Re: 2003 Enterprise CA, MSCEP - 0 length cert message on cisco 837 rou by S

S
Sat May 07 20:13:14 CDT 2005

I believe SCEP is using HTTP - you can place HTTP proxy in the DMZ, which
will forward the requests to the Microsoft CA.

--
Svyatoslav Pidgorny, MS MVP - Security, MCSE
-= F1 is the key =-

"Leven Morton" <LevenMorton@discussions.microsoft.com> wrote in message
news:97D8BF16-F2F7-4FDA-B814-4D1DE18B7710@microsoft.com...
> I need to place the MSCEP interface on a server in a DMZ that does not
host
> 2003Enterprise CA. Do you have any suggestions??
>
>
> "Peter Arians" wrote:
>
> > Hello Everyone,
> >
> > I'm trying to use MSCEP on a 2003 Enterprise CA to request a certificate
for
> > Cisco 837 router. When I run the cisco command "crypto ca authenticate
> > TRS-AD-CA" the router comes back with a message "% Error in receiving
> > Certificate Authority certificate: status = , cert length = 0" which
> > indicates that my 2003 CA is not sending anything back for the request.
> >
> > I can successfully request a certifcate from this router when I connect
to a
> > 2000 Standalone CA but my new 2003 Enterprise CA is not working
correctly. I
> > initially had problems with the 2003 Cert Server installation as IIS was
> > already installed on the server before DCPROMO was run however I
followed the
> > Microsoft Knowledge base article (332097) and corrected the security
> > permisions. When I install MSCEP I can see that the CA issues an
"Exchange
> > Certificate" and "CEP certificate" but there is still something wrong
when
> > trying to get the router to request a cert.
> >
> > I think the CA is okay as I can request other Certs from a web browser
etc.
> > and I see my AD Domain servers have automatically requested and received
> > certificates however my MSCEP is failing.
> >
> > Does anyone have any ideas where to look to resolve this problem as I
can't
> > find any similar problems on the internet.
> >
> >
> > Thanks in advance,
> >
> > Peter Arians.


Top