Оборудование - Cisco 2821, прошивка C2800NM-ADVIPSERVICESK9-M
На windows 2003 server развернул Microsoft CA, установил поддержку SCEP в MS CA.
Соответственно развернул IIS.
На циске такой конфиг:crypto pki trustpoint msca
enrollment retry period 10
enrollment url http://10.1.0.78:80/certsrv/mscep/mscep.dll
revocation-check crl
rsakeypair 2821key 2048 2048
auto-enroll 90 regenerate
Далее
crypto pki auth msca
выдает следующее:
% Error in receiving Certificate Authority certificate: status = FAIL, cert leng
th = 0
AT_Router_2821(config)#
*Mar 31 12:00:57.070: CRYPTO_PKI: Sending CA Certificate Request:
GET /certsrv/mscep/mscep.dll/pkiclient.exe?operation=GetCACert&message=msca HTTP
/1.0
User-Agent: Mozilla/4.0 (compatible; MSIE 5.0; Cisco PKI)
*Mar 31 12:00:57.070: CRYPTO_PKI: can not resolve server name/IP address
*Mar 31 12:00:57.070: CRYPTO_PKI: Using unresolved IP Address 10.1.0.78
*Mar 31 12:00:57.074: CRYPTO_PKI: http connection opened
*Mar 31 12:00:57.086: CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Connection: close
Date: Fri, 31 Mar 2006 12:03:57 GMT
Server: Microsoft-IIS/6.0
Content-Length: 4083
Content-Type: application/x-x509-ca-ra-cert
Content-Type indicates we have received CA and RA certificates.
*Mar 31 12:00:57.090: CRYPTO_PKI:crypto_process_ca_ra_cert(trustpoint=msca)
*Mar 31 12:00:57.110: crypto_certc_pkcs7_extract_certs_and_crls failed (1795):
*Mar 31 12:00:57.110: crypto_certc_pkcs7_extract_certs_and_crls failed
*Mar 31 12:00:57.110: CRYPTO_PKI:crypto_pkcs7_extract_ca_cert returned 1795
*Mar 31 12:00:57.110: CRYPTO_PKI: Unable to read CA/RA certificates.
*Mar 31 12:00:57.110: %PKI-3-GETCARACERT: Failed to receive RA/CA certificates.
*Mar 31 12:00:57.110: CRYPTO_PKI: transaction GetCACert completed
Почему циска воспринимает сертификат от MS CA?