witam kolegow, mam taki dziwny problem. otoz moj ruter nie moze pobrac certyfikatu od windows 2000 RA/CA poniewaz serwer odrzuca cert_request'y nie wiem dlaczego... CA authentication bez problemu sie udaje i ruter pobiera certyfikat CA...
debug crypto pki transactions:
Mar 28 23:02:04.389: CRYPTO_PKI:crypto_process_ca_ra_cert(trustpoint=win2000CA)
Mar 28 23:02:05.138: The PKCS #7 message contains 3 certificates.
Mar 28 23:02:05.330: CRYPTO_PKI:crypto_pkcs7_insert_ra_certs found RA certs
Mar 28 23:02:05.527: CRYPTO_PKI:crypto_pkcs7_insert_ra_certs found RA certs
Mar 28 23:02:05.543: CRYPTO_PKI: transaction PKCSReq completed
Mar 28 23:02:05.543: CRYPTO_PKI: Encryption Certificate Request Fingerprint: status:
Mar 28 23:02:08.552: I ../crypto/ca/provider/path/pkix/pkixpath.c(1334) : Error #750h
Mar 28 23:02:08.592: CRYPTO_PKI: http connection opened
B362B044 64FA340C 1B16E567 AE241CD7
Mar 28 23:02:12.594: I ../crypto/ca/provider/path/pkix/pkixpath.c(1334) : Error #750h
Mar 28 23:02:12.634: CRYPTO_PKI: http connection opened
Mar 28 23:02:13.640: CRYPTO_PKI: received msg of 810 bytes
Mar 28 23:02:13.644: CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 28 Mar 2006 21:02:36 GMT
Content-Length: 665
Content-Type: application/x-pki-message
Mar 28 23:02:15.379: The PKCS #7 message has 1 verified signers.
Mar 28 23:02:15.383: signing cert: issuer=cn=CCSP Certification Authority,ou=komputer krisa,o=home-l
ab,l=Szczecin,st=zachodniopomorskie,c=PL,ea=krisator@gmail.com61B8046000002
Mar 28 23:02:15.383: Signed Attributes:
Mar 28 23:02:15.387: CRYPTO_PKI: status = 101: certificate request is rejected
Mar 28 23:02:15.387: CRYPTO_PKI: Fail Info=2
Mar 28 23:02:15.391: %CRYPTO-6-CERTREJECT: Certificate enrollment request was rejected by Certificate Authority
Mar 28 23:02:15.407: CRYPTO_PKI: received msg of 810 bytes
Mar 28 23:02:15.407: CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Server: Microsoft-IIS/5.0
Date: Tue, 28 Mar 2006 21:02:40 GMT
Content-Length: 665
Content-Type: application/x-pki-message
Mar 28 23:02:17.150: The PKCS #7 message has 1 verified signers.
Mar 28 23:02:17.150: signing cert: issuer=cn=CCSP Certification Authority,ou=komputer krisa,o=home-l
ab,l=Szczecin,st=zachodniopomorskie,c=PL,ea=krisator@gmail.com61B8046000002
Mar 28 23:02:17.154: Signed Attributes:
Mar 28 23:02:17.158: CRYPTO_PKI: status = 101: certificate request is rejected
Mar 28 23:02:17.158: CRYPTO_PKI: Fail Info=2
Mar 28 23:02:17.158: CRYPTO_PKI: All enrollment requests completed for trustpoint win2000CA.
Mar 28 23:02:17.162: %CRYPTO-6-CERTREJECT: Certificate enrollment request was rejected by Certificate Authority
macie jakies pomysly co to moze byc??
windows 2000 CA certificate request failure
wlasnie problem w tym, ze w M$ w katalogu nieudanych requestow nic nie ma, w odrzuconych rowniez...
crypto ca trustpoint win2000CA
enrollment mode ra
enrollment url http://win2000server/certsrv/mscep/mscep.dll
no i w tablicy hostow mam: ip host win2000server poprawny.ip
wg mnie to moze byc problem z windowsem... ale moge sie mylic
crypto ca trustpoint win2000CA
enrollment mode ra
enrollment url http://win2000server/certsrv/mscep/mscep.dll
no i w tablicy hostow mam: ip host win2000server poprawny.ip
wg mnie to moze byc problem z windowsem... ale moge sie mylic
niestety dalej nic...Seba pisze: A spróbuj bez tego ... Dla testów oczywiście, a potem zastanowimy się co i jak dalej.
dodatkowo po wlaczeniu debug crypto pki messages /oraz przy wlaczonym wczesniej debug crypto pki transactions/ i probie uzyskania certyfikatu od serwera router sie restartuje... ciekawa sprawa ios 12.3-3A na 2611 - 64mb ram i 16mb flash
jakies pomysly co to moze byc??