Failed Cert Request with MSCEP

Mike

Splendid
Apr 1, 2004
3,865
0
22,780
Archived from groups: microsoft.public.win2000.security (More info?)

When enrolling a Cisco PIX firewall to the Win2K CA using
MSCEP, the request immediately goes into the Failed
Requests store with an associated error of:

Certificate Services could not process request due to an
error: The certificate is revoked.

Similarly the PIX debug shows:
CRYPTO_PKI: status = 101: certificate request is rejected

There is an old revoked certificate sitting in the revoked
store. Does anybody know how can I get around this problem
to install a new device certificate on the PIX?

Thanks for listening!

Mike.
 
G

Guest

Guest
Archived from groups: microsoft.public.win2000.security (More info?)

I am not familiar with that particular error. I do know that we customers
have successfully used PIX enrollment against a Windows Server 2003 CA:
http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=9f306763-d036-41d8-8860-1636411b2d01


Do you see any application event logs on the CA related to the rejected
request?

--


David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

"Mike" <anonymous@discussions.microsoft.com> wrote in message
news:1e62c01c45551$c402db50$a501280a@phx.gbl...
> When enrolling a Cisco PIX firewall to the Win2K CA using
> MSCEP, the request immediately goes into the Failed
> Requests store with an associated error of:
>
> Certificate Services could not process request due to an
> error: The certificate is revoked.
>
> Similarly the PIX debug shows:
> CRYPTO_PKI: status = 101: certificate request is rejected
>
> There is an old revoked certificate sitting in the revoked
> store. Does anybody know how can I get around this problem
> to install a new device certificate on the PIX?
>
> Thanks for listening!
>
> Mike.
 

Mike

Splendid
Apr 1, 2004
3,865
0
22,780
Archived from groups: microsoft.public.win2000.security (More info?)

Hi David,

The error from the CA that I quoted, viz:

Certificate Services could not process request due to an
error: The certificate is revoked.

has come from the application event log. I don't see any
other useful information from the certificate services
side of things other than another failed enrollment
request!

I must have a config problem somewhere but I'm following
the documentation to the letter. If only I could work out
why a previously revoked certificate is causing a new
enrollment request to fail!

Any help appreciated!

Thanks,

Mike.

>-----Original Message-----
>I am not familiar with that particular error. I do know
that we customers
>have successfully used PIX enrollment against a Windows
Server 2003 CA:
>http://www.microsoft.com/downloads/details.aspx?
displaylang=en&familyid=9f306763-d036-41d8-8860-
1636411b2d01
>
>
>Do you see any application event logs on the CA related
to the rejected
>request?
>
>--
>
>
>David B. Cross [MS]
>
>--
>This posting is provided "AS IS" with no warranties, and
confers no rights.
>
>http://support.microsoft.com
>
>"Mike" <anonymous@discussions.microsoft.com> wrote in
message
>news:1e62c01c45551$c402db50$a501280a@phx.gbl...
>> When enrolling a Cisco PIX firewall to the Win2K CA
using
>> MSCEP, the request immediately goes into the Failed
>> Requests store with an associated error of:
>>
>> Certificate Services could not process request due to an
>> error: The certificate is revoked.
>>
>> Similarly the PIX debug shows:
>> CRYPTO_PKI: status = 101: certificate request is
rejected
>>
>> There is an old revoked certificate sitting in the
revoked
>> store. Does anybody know how can I get around this
problem
>> to install a new device certificate on the PIX?
>>
>> Thanks for listening!
>>
>> Mike.
>
>
>.
>