Hi all,
I've done almost well, but now I'm stuck! :-(

I have a CA and a RA running on SuSE Linux quite well. Also basic SCEP is working. My SCEP-Client is a CISCO-Router. As long as I request certificates without serial number and IP-address the CA can sign the request and it is automatically imported by the router.

Unfortunately there is a requirement for including IP-address and/or serial number. In this case I experienced problems with the DN.pm perl-module. (... multivalued dn not supported or so ...)

So I exported the request and signed it externally with all configurations used by openca (something like openssl ca -keyfile /usr/local/ssl .... -extfile ... and so on)

As a result I got the certificate. I created a new pem-file and imported it (tar cvf /usr/local/openca/ca/var/tmp/fd0 * ) to ca and ra with no problem. Last but not least the certificate was in both databases (cadb and radb in the certificate-table).

But unfortunately it is not delivered to the router (traced with wireshark). As soon as I enroll the certificate manually on the router (cut and paste via command line) everything is working fine.

My simple questions are: what is the scep-server looking for in the database? How can I export and import certificates from an external CA (in fact, openssl commandline would be enough for me ;-) )?

I would really appreciate it if someone could help me. If a logfile is required, pls. send a short message. Debug is always switched on in log.xml - but it's a huge amount of data.

Thanks and best regards

Jörg Kirmße

_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
