Re: [Pki-users] Dogtag and certificate VPN
Hi Nick,
Dogtag and RHCS have been tested with Cisco ASA 5100 in the past. CA
tests successfully issued certificates to Cisco ASA 5100 router via SCEP
protocol. However, router's bug
<https://bugzilla.redhat.com/show_bug.cgi?id=505200>was discovered
during this testing showing that router does not generates keys with
proper parity. This issue occurs only when CA is connected to NetHSM
since NetHSM rejects keys without proper parity. If you are experiencing
this issue, you may search Cisco software updates for a fix.
Thank you,
Andrew
On 10/11/2012 07:20 AM, Ritter, Nicholas wrote:
Is anyone using, or has tested, Dogtag with certificate based VPN? And
more specifically with Cisco ASA Anyconnect and IPSEC VPN?
I searched through the dogtag mailing list archive and the Cisco
forums and found someone tried to do this in 2010 and had problems
that I can only assume there was no resolution to. The last posting I
saw was someone giving the blanket vendor reason of "Cisco does not
support that CA". Given that there has not been a posting since, and
that was two years ago, I was curious if anyone had tested/implemented it?
Nick
Attachments:
- attachment.html (text/html — 3.6 KB)