Failed Cert Request with MSCEP

Mike · Jun 18, 2004

When enrolling a Cisco PIX firewall to the Win2K CA using
MSCEP, the request immediately goes into the Failed
Requests store with an associated error of:

Certificate Services could not process request due to an
error: The certificate is revoked.

Similarly the PIX debug shows:
CRYPTO_PKI: status = 101: certificate request is rejected

There is an old revoked certificate sitting in the revoked
store. Does anybody know how can I get around this problem
to install a new device certificate on the PIX?

Thanks for listening!

Mike.

David Cross [MS] · Jun 19, 2004

I am not familiar with that particular error. I do know that we customers
have successfully used PIX enrollment against a Windows Server 2003 CA:
http://www.microsoft.com/downloads/...familyid=9f306763-d036-41d8-8860-1636411b2d01

Do you see any application event logs on the CA related to the rejected
request?

Mike · Jun 20, 2004

Hi David,

The error from the CA that I quoted, viz:

Certificate Services could not process request due to an
error: The certificate is revoked.

has come from the application event log. I don't see any
other useful information from the certificate services
side of things other than another failed enrollment
request!

I must have a config problem somewhere but I'm following
the documentation to the letter. If only I could work out
why a previously revoked certificate is causing a new
enrollment request to fail!

Any help appreciated!

Thanks,

Mike.

-----Original Message-----
I am not familiar with that particular error. I do know that we customers
have successfully used PIX enrollment against a Windows Server 2003 CA:
http://www.microsoft.com/downloads/details.aspx? displaylang=en&familyid=9f306763-d036-41d8-8860-
1636411b2d01

Do you see any application event logs on the CA related to the rejected
request?

--

David B. Cross [MS]

--
This posting is provided "AS IS" with no warranties, and confers no rights.

http://support.microsoft.com

When enrolling a Cisco PIX firewall to the Win2K CA using
MSCEP, the request immediately goes into the Failed
Requests store with an associated error of:

Certificate Services could not process request due to an
error: The certificate is revoked.

Similarly the PIX debug shows:
CRYPTO_PKI: status = 101: certificate request is rejected

There is an old revoked certificate sitting in the revoked
store. Does anybody know how can I get around this problem
to install a new device certificate on the PIX?

Thanks for listening!

Mike.

Click to expand...

.

Cert Server Denying Certs requests - Event ID 21: The certificate is revoked	6	Sep 24, 2004
Clients cant get new Cert from CA - 0x800b0101	0	Dec 1, 2006
2003 SP1 CA keeps denying cert requests	4	Aug 12, 2005
user certificate request - cannot find CA authority!	2	Nov 22, 2004
Windows 2000 Certificate Services - Help Request (Understanding and operation).	4	Aug 27, 2004
Certificate revocation in VPN smart card connection under win2003	2	Jul 15, 2003
Web Enrollment Certificate Request Denied	2	Jul 5, 2004
Certificate Request Denied over Web Enrollment	0	Jul 1, 2004

Failed Cert Request with MSCEP

Mike

David Cross [MS]

Mike

Ask a Question

Similar Threads