Welcome to Bruno Bonfils's (aka asyd) homepage.
Now that I have found a very good free-software PKI (EJBCA), I try to use it everywhere I need certificates. My first difficult task was with IOS, so you can find some notes here. This is my IOS config related to my CA:

    !
    crypto ca trustpoint FMSCA
     enrollment url http://pki.intranet.fimasys.fr:8080/ejbca/publicweb/apply/scep
     serial-number
     source interface Ethernet0
     auto-enroll regenerate
    !

Description / Notes

Once you have that, use the command:

    # crypto ca authenticate FMSCA

to fetch the CA certificate. Then set the enrollment password with the command:

    # crypto ca enroll FMSCA

Then log in to EJBCA and create a new entity profile as shown. Check your EJBCA logs; you should see something like:

    ERROR [PKCS10RequestMessage] No CN in DN: SN=12013150+unstructuredName=saroumane.nanthrax.net
    ERROR [Log4jLogDevice] October 19, 2005 9:48:33 AM CEST, CAId : 0, CA, EVENT_ERROR_USERAUTHENTICATION, Administrator : PUBLICWEBUSER, IP Address : 192.168.134.1, User : 12013150, Certificate : No Certificate Involved, Comment : Got request for nonexisting user: 12013150

So now you know that you must add an entity using the serial number as username, the password you defined in IOS, and serialNumber / unstructuredName as subject DN fields. Once the enrollment succeeds, the router shows both certificates:

    saroumane#sh crypto ca cert
    Certificate
      Status: Available
      Certificate Serial Number: 426FA96340F5D2CA
      Certificate Usage: General Purpose
      Issuer:
        c=FR
        o=Fimasys
        cn=Fimasys Security CA
      Subject:
        Name: saroumane.nanthrax.net
        Serial Number: 12013150
        serialNumber=12013150
        hostname=saroumane.nanthrax.net
      Validity Date:
        start date: 08:58:28 CET Oct 19 2005
        end   date: 09:08:28 CET Oct 19 2007
      Associated Trustpoints: FMSCA

    CA Certificate
      Status: Available
      Certificate Serial Number: 7AA2B9942CD0D362
      Certificate Usage: Signature
      Issuer:
        c=FR
        o=Fimasys
        cn=Fimasys Security CA
      Subject:
        c=FR
        o=Fimasys
        cn=Fimasys Security CA
      Validity Date:
        start date: 07:29:35 CET Oct 17 2005
        end   date: 07:39:35 CET Oct 15 2015
      Associated Trustpoints: FMSCA
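As an added example (my own helper, not code from EJBCA or from these notes), a small Python script that parses the subject DN the way EJBCA logged it above, detects the missing CN, and derives the end-entity fields to create before the router retries: username from the serial number, and a subject DN made of serialNumber and unstructuredName. Function names are hypothetical and the enrollment password is a placeholder.

```python
"""Derive the EJBCA end entity to pre-register for an IOS SCEP request.
Added example; parsing is RFC 2253-style text, not a full ASN.1 decoder."""
import re

# Attribute names as they show up in the logged DN, mapped to the names the
# EJBCA end-entity profile uses. 'SN' is what the log line above printed for
# the router's serialNumber attribute.
ATTR_ALIASES = {"SN": "serialNumber", "SERIALNUMBER": "serialNumber",
                "UNSTRUCTUREDNAME": "unstructuredName", "CN": "CN"}

def parse_dn(dn):
    """Split a DN into {attribute: value}. ',' separates RDNs and '+' joins
    attributes that share one RDN, which is how the IOS request packs
    SN and unstructuredName together."""
    attrs = {}
    for rdn in re.split(r'(?<!\\),', dn):
        for ava in re.split(r'(?<!\\)\+', rdn):
            name, _, value = ava.partition('=')
            name = name.strip().upper()
            attrs[ATTR_ALIASES.get(name, name)] = value.strip()
    return attrs

def end_entity_for_ios_request(dn, enrollment_password):
    """Return the end-entity fields (username, password, subjectDN) that
    EJBCA needs for this request, or raise if the DN carries neither a CN
    nor the serialNumber/unstructuredName pair the notes rely on."""
    attrs = parse_dn(dn)
    if "CN" in attrs:
        # Ordinary request: the CN is the natural username.
        return {"username": attrs["CN"], "password": enrollment_password,
                "subjectDN": dn}
    serial = attrs.get("serialNumber")
    host = attrs.get("unstructuredName")
    if not serial or not host:
        raise ValueError("no CN, serialNumber or unstructuredName in DN: %r" % dn)
    return {"username": serial, "password": enrollment_password,
            "subjectDN": "serialNumber=%s,unstructuredName=%s" % (serial, host)}

# The DN from the "No CN in DN" log line above.
LOGGED_DN = "SN=12013150+unstructuredName=saroumane.nanthrax.net"

LOG_RE = re.compile(r"Got request for nonexisting user: (\S+)")

def missing_users_from_log(lines):
    """Collect the usernames EJBCA rejected as nonexisting, so the same
    check can be run over a whole log file after a batch of routers enroll."""
    return sorted({m.group(1) for m in map(LOG_RE.search, lines) if m})

if __name__ == "__main__":
    print(end_entity_for_ios_request(LOGGED_DN, "PLACEHOLDER-ios-password"))
```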