000019527 - Unable to enroll to the KRA from a Cisco VPN Client on Linux

Document created by RSA Customer Support Employee on Jun 16, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000019527
Applies ToKeon Certificate Authority 6.0.2
Keon Registration Authority 6.0.2
Microsoft Windows 2000 Advanced Server SP2
Cisco VPN Client 3.0.x
IssueUnable to enroll to the KRA from a Cisco VPN Client on Linux
Certificate Request never reaches KCA
Cisco Error log reports: "Failure on: CEP response VERIFY."
KCA logs show "uploading of certificate to client failed: [XrcNOTFOUND: unable to locate requested member or object];   certificate presented: none"
CauseChallenge password was not entered on the Cisco VPN Client. You must enter a challenge password during Cisco VPN Client certificate enrollment process. The passphrase is distinct from the password that secures the certificate store.
ResolutionThe Cisco VPN Client 3.6 for Linux does not prompt for a password when using the interactive shell script for enrollment. You must use the command line with the -chall <challenge_phrase> command line parameter.

See the following Web page:


for more details on the command line options.
Legacy Article IDa14712