Now I found a very good PKI free software, I try to use it everywhere I need certificates. My first difficult task was with IOS. You can find here some notes.

Here my IOS config related to my CA :

!
crypto ca trustpoint FMSCA
 enrollment url http://pki.intranet.fimasys.fr:8080/ejbca/publicweb/apply/scep
 serial-number
 source interface Ethernet0
 auto-enroll regenerate
!

Description / Notes

One you have that, use the command :

# crypto ca authenticate FMSCA

to fetch the CA certificate. Then, set the password enrollment with the command :

# crypto ca enroll FMSCA

Then, login to EJBCA, and create a new entity profile looks like :

ios-profile.jpg

Check your ejbca logs, you shoud see something like :

ERROR [PKCS10RequestMessage] No CN in DN: SN=12013150+unstructuredName=saroumane.nanthrax.net
ERROR [Log4jLogDevice] October 19, 2005 9:48:33 AM CEST, CAId : 0, CA, EVENT_ERROR_USERAUTHENTICATION, Administrator : PUBLICWEBUSER, IP Address : 192.168.134.1, User : 12013150, Certificate : No Certificate Involved, Comment : Got request for nonexisting user: 12013150

So, you know you must add an entity using the serial Number as username, the password you define in IOS, and serialNumber / unstructuredNamed as subject DN fields.

saroumane#sh crypto ca cert
Certificate
  Status: Available
  Certificate Serial Number: 426FA96340F5D2CA
  Certificate Usage: General Purpose
  Issuer:
    c=FR
    o=Fimasys
    cn=Fimasys Security CA
  Subject:
    Name: saroumane.nanthrax.net
    Serial Number: 12013150
    serialNumber=12013150
    hostname=saroumane.nanthrax.net
  Validity Date:
    start date: 08:58:28 CET Oct 19 2005
    end   date: 09:08:28 CET Oct 19 2007
  Associated Trustpoints: FMSCA

CA Certificate
  Status: Available
  Certificate Serial Number: 7AA2B9942CD0D362
  Certificate Usage: Signature
  Issuer:
    c=FR
    o=Fimasys
    cn=Fimasys Security CA
  Subject:
    c=FR
    o=Fimasys
    cn=Fimasys Security CA
  Validity Date:
    start date: 07:29:35 CET Oct 17 2005
    end   date: 07:39:35 CET Oct 15 2015
  Associated Trustpoints: FMSCA

Comments