I have several BSD routers configured with certificates issued by a Windows 2012 NDES server. They create IPsec tunnels to each other and communicate with no problems. The certificates are issued automatically using sscep, developed by Jarkko Turkulainen in 2003. This exact build worked perfectly well with Microsoft 2000 and 2003 servers using the mscep add-on and still works with 2008 and 2012 servers using NDES services for certificate request and enrollment. However, CRL requests, though they worked well with 2000 and 2003 servers, fail under the NDES service starting with 2008 servers.
The error reported on the server is sourced to NDES and the event ID is 45. Basically, starting with the NDES implementation, an additional feature fails CA signature checks in the request. Is there a way I can turn this feature off? Or is there something else I can do to eliminate this issue and still receive the CRL using the SCEP code? The error content is below.
Error 45: The Network Device Enrollment Service cannot match the issuer name and serial number in the device request to any certification authority (CA) certificate. Verify that the device request contains the correct CA certificate information, then resubmit the request.
ms