mattula
I just solved this 512 error. Turn your firewalls and virus scanners
off for troubleshooting first! We're using a Microsoft CA server and
certificate authentication for the client. It turns out that the
latest Cisco client 5.0.x may have some kind of flaw when requesting the
client side certificate. Our standard is to utilize a password in the
OU field and to use the rest of the fields = example: CN or O for
company name, organizational name etc. Well, it turns out if you use
lots of punctuation, spaces and special characters in that request, when
the cert is processed and given back to the end user, the cert will
malfunction. Also, since our CA is not publicly accessible, we need to
give the root cert to the end user and have the user right click and add
the root CA to their local Microsoft store (default location that it
picks) then have the Cisco client IMPORT the root CA (using the import
button on the Cisco client of course) on the root CA.
Solution: keep your cert requests minimal and simple when you do
request them from the client. Try minimizing the amount of gibberish in
the fields. I made several successful by just entering a simple vendor
name (no spaces) in the CN field and our pw in the OU field. I
submitted it to the cert server, generated the cert, gave it back to the
end user along with a copy of the root CA cert, right clicked on the CA
cert and imported it into the Microsoft cert store that it chose
automatically, then went to the Cisco client, imported the issued
certificate, then imported the root CA into Cisco as well... voilà - no
more 412 errors!
I also got this to work using an Ubuntu Linux system and Oracle
VirtualBox running XP Pro under a bridged wireless adapter without any
hassle!
-
--
mattula
------------------------------------------------------------------------
mattula's Profile: http://forums.techarena.in/members/250812.htm
View this thread: http://forums.techarena.in/vista-help/1041711.htm
http://forums.techarena.in