Failed Cert Request with MSCEP

Archived from groups: microsoft.public.win2000.security (More info?)

When enrolling a Cisco PIX firewall to the Win2K CA using
MSCEP, the request immediately goes into the Failed
Requests store with an associated error of:

Certificate Services could not process request due to an
error: The certificate is revoked.

Similarly the PIX debug shows:
CRYPTO_PKI: status = 101: certificate request is rejected

There is an old revoked certificate sitting in the revoked
store. Does anybody know how can I get around this problem
to install a new device certificate on the PIX?

Thanks for listening!

Mike.
2 answers Last reply
More about failed cert request mscep
  1. Archived from groups: microsoft.public.win2000.security (More info?)

    I am not familiar with that particular error. I do know that we customers
    have successfully used PIX enrollment against a Windows Server 2003 CA:
    http://www.microsoft.com/downloads/details.aspx?displaylang=en&familyid=9f306763-d036-41d8-8860-1636411b2d01


    Do you see any application event logs on the CA related to the rejected
    request?

    --


    David B. Cross [MS]

    --
    This posting is provided "AS IS" with no warranties, and confers no rights.

    http://support.microsoft.com

    "Mike" <anonymous@discussions.microsoft.com> wrote in message
    news:1e62c01c45551$c402db50$a501280a@phx.gbl...
    > When enrolling a Cisco PIX firewall to the Win2K CA using
    > MSCEP, the request immediately goes into the Failed
    > Requests store with an associated error of:
    >
    > Certificate Services could not process request due to an
    > error: The certificate is revoked.
    >
    > Similarly the PIX debug shows:
    > CRYPTO_PKI: status = 101: certificate request is rejected
    >
    > There is an old revoked certificate sitting in the revoked
    > store. Does anybody know how can I get around this problem
    > to install a new device certificate on the PIX?
    >
    > Thanks for listening!
    >
    > Mike.
  2. Archived from groups: microsoft.public.win2000.security (More info?)

    Hi David,

    The error from the CA that I quoted, viz:

    Certificate Services could not process request due to an
    error: The certificate is revoked.

    has come from the application event log. I don't see any
    other useful information from the certificate services
    side of things other than another failed enrollment
    request!

    I must have a config problem somewhere but I'm following
    the documentation to the letter. If only I could work out
    why a previously revoked certificate is causing a new
    enrollment request to fail!

    Any help appreciated!

    Thanks,

    Mike.

    >-----Original Message-----
    >I am not familiar with that particular error. I do know
    that we customers
    >have successfully used PIX enrollment against a Windows
    Server 2003 CA:
    >http://www.microsoft.com/downloads/details.aspx?
    displaylang=en&familyid=9f306763-d036-41d8-8860-
    1636411b2d01
    >
    >
    >Do you see any application event logs on the CA related
    to the rejected
    >request?
    >
    >--
    >
    >
    >David B. Cross [MS]
    >
    >--
    >This posting is provided "AS IS" with no warranties, and
    confers no rights.
    >
    >http://support.microsoft.com
    >
    >"Mike" <anonymous@discussions.microsoft.com> wrote in
    message
    >news:1e62c01c45551$c402db50$a501280a@phx.gbl...
    >> When enrolling a Cisco PIX firewall to the Win2K CA
    using
    >> MSCEP, the request immediately goes into the Failed
    >> Requests store with an associated error of:
    >>
    >> Certificate Services could not process request due to an
    >> error: The certificate is revoked.
    >>
    >> Similarly the PIX debug shows:
    >> CRYPTO_PKI: status = 101: certificate request is
    rejected
    >>
    >> There is an old revoked certificate sitting in the
    revoked
    >> store. Does anybody know how can I get around this
    problem
    >> to install a new device certificate on the PIX?
    >>
    >> Thanks for listening!
    >>
    >> Mike.
    >
    >
    >.
    >
Ask a new question

Read More

Security Microsoft Certificate Windows