Hi All,
Operating system - Windows Server 2012 R2
We have set up a three-tier CA hierarchy.
Root CA->SubCA->Issuing CA
The NDES service is installed at the Issuing CA.
We have developed a client application which will retrieve the CRL from the Issuing CA via the SCEP protocol.
We always get the error "Transaction not permitted or supported" reply in the client from the Issuing CA NDES. On viewing the event viewer at the Issuing CA, we can see
Event ID: 45, which says "NDES cannot match issuer and serial number in the device request with any Certification Authority (CA) Certificate".
--------------------------------
We have reviewed the implementation of the client multiple times. We are filling the issuer and serial number information from the "Issuing CA certificate" into the device CRL download request. For testing purposes, we have also tried to fill the same from the "CA Root certificate" as well as from the "Enrolled certificate device received signed by Issuing CA".
The same error happens with a two-tier hierarchy as well.
--------------------------------------------------------
However, CRL retrieval works fine with a single-tier hierarchy via SCEP.
Here we are using the CA Root certificate to fill in the issuer and serial information in the device request.
Any ideas to solve this problem will be helpful.
Are there any additional settings required to make this work in a multi-hierarchy setup? Or should we use any other certificate to fill in the issuer and serial number information in the device request?
Any help is appreciated. Thanks in advance.
Great Day, Sreekanth