My own answer :-))

The problem was that envelopedData is signed with user Certificate, not with
self Signed Certificate.

Cheers, Gabi.

Gabriel Lopez Millan wrote:

> Hi all. I think it's an off-topic question, but I need help!!
>
>     I'm deploying a SCEP server to work with a Cisco router using the IAIK
> library.
>
>     At the moment it can do:
>         - GetCARACert: My CA/RA certificates are stored in the Cisco with IOS 12.01
>         - PKCSReq is received and the certificate is issued.
>
>     The problem is the PKCSRep message. When SCEPResponder sends this message
> to the router, it shows the following error:
>
> ***************************************************************************************
>
> 1w3d: CRYPTO_PKI:  received msg of 3166 bytes
> 1w3d: CRYPTO_PKI: HTTP response header:
>  HTTP/1.1 200 OK
> Date: Tue, 26 Jun 2001 08:18:22 GMT
> Server: Apache/1.3.12 (Unix) ApacheJServ/1.1.2 mod_ssl/2.6.6 OpenSSL/0.9.5a
> Content-Length: 2951
> Connection: close
> Content-Type: application/x-pki-message
>
> 1w3d: Received pki message: 2951 types
> 1w3d: 30 80 06 09 2A 86 48 86 F7 0D 01 07 02 A0 80 30 80 02 01 01
> ........................................................
> 1w3d: 3B 45 6B F7 FB 00 00 00 00 00 00
> 1w3d: CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while selecting CRL
> 1w3d: CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while selecting CRL
> 1w3d: CRYPTO_PKI: signed attr: pki-message-type:
> 1w3d: 13 01 33
> 1w3d: CRYPTO_PKI: signed attr: pki-status:
> 1w3d: 13 01 30
> 1w3d: CRYPTO_PKI: signed attr: pki-recipient-nonce:
> 1w3d: 04 10 5F E9 59 D9 EE 59 D9 09 74 78 78 4E 86 8B 43 AA
> 1w3d: CRYPTO_PKI: signed attr: pki-transaction-id:
> 1w3d: 13 20 41 37 35 37 32 38 44 36 38 33 43 43 45 43 44 32 32 37
> 1w3d: 32 41 44 33 39 35 46 38 33 44 39 38 30 42
> 1w3d: CRYPTO_PKI: status = 100: certificate is granted
> 1w3d: Verified signed data 1858 bytes:
> 1w3d: 30 80 06 09 2A 86 48 86 F7 0D 01 07 03 A0 80 30 80 02 01 00
> ..............................
> 1w3d: 0A 03 B8 B8 71 D5 73 1C B6 C4 00 00 00 00 00 00 00 00
> 1w3d: CRYPTO_PKI: status = 301: failed to open the envelope
> 1w3d: %CRYPTO-6-CERTFAIL: Certificate enrollment failed.
> 1w3d: CRYPTO__PKI: All enrollment requests completed.
> 1w3d: CRYPTO__PKI: All enrollment requests completed.
>
> ****************************************************************************************
>
> Message is ok, but it can't open the envelope.
> The enveloped data returned in PKCSReq Message is not PKCS7 compliant:
>
>      "encryptedContent            [0] IMPLICIT EncryptedContent OPTIONAL }"
>
> it sends an EXPLICIT content that has two OCTET_STRING!!!
>
> Can anybody help me?
>
> Thanks, Gabi.
>
> --
> -------------------------------------------------
> Gabriel Lopez Millan - Grupo ANTS-CIRCuS
> Facultad de Informatica
> Universidad de Murcia (España) Tfo: +34 968367645
--
-------------------------------------------------
Gabriel Lopez Millan - Grupo ANTS-CIRCuS
Facultad de Informatica
Universidad de Murcia (España) Tfo: +34 968367645




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9953&t=9948
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
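
Added example, not part of the original messages: a small Python decoder for the hex dumps in the router debug output quoted above. It identifies the outer PKCS#7 signedData and the inner envelopedData from their content-type OIDs and decodes the SCEP signed attributes (message type 3 is CertRep, status 0 is success); the helper names are assumptions of this example.

```python
import re
# Lines copied from the router debug output quoted in the message above.
LOG = """\
1w3d: 30 80 06 09 2A 86 48 86 F7 0D 01 07 02 A0 80 30 80 02 01 01
1w3d: CRYPTO_PKI: signed attr: pki-message-type:
1w3d: 13 01 33
1w3d: CRYPTO_PKI: signed attr: pki-status:
1w3d: 13 01 30
1w3d: CRYPTO_PKI: signed attr: pki-transaction-id:
1w3d: 13 20 41 37 35 37 32 38 44 36 38 33 43 43 45 43 44 32 32 37
1w3d: 32 41 44 33 39 35 46 38 33 44 39 38 30 42
1w3d: Verified signed data 1858 bytes:
1w3d: 30 80 06 09 2A 86 48 86 F7 0D 01 07 03 A0 80 30 80 02 01 00
"""
HEX_LINE = re.compile(r"^\S+: ((?:[0-9A-F]{2} ?)+)$")
PKCS7 = {bytes.fromhex("2A864886F70D010702"): "signedData",     # 1.2.840.113549.1.7.2
         bytes.fromhex("2A864886F70D010703"): "envelopedData"}  # 1.2.840.113549.1.7.3

def hex_runs(log):
    """Yield (label, bytes): each run of hex lines, named by the text line before it."""
    label, buf = "outer message", b""
    for line in log.splitlines() + [""]:
        if m := HEX_LINE.match(line.strip()):
            buf += bytes.fromhex(m.group(1))
        else:
            if buf:
                yield label, buf
            label, buf = line.rstrip(": ").rsplit(": ", 1)[-1], b""

def header(buf, off=0):
    """(tag, length or None if indefinite, value offset) of the TLV at off."""
    tag, first = buf[off], buf[off + 1]
    if first <= 0x80:                       # short form, or 0x80 = indefinite
        return tag, (None if first == 0x80 else first), off + 2
    n = first & 0x7F                        # long form: n length bytes follow
    return tag, int.from_bytes(buf[off + 2:off + 2 + n], "big"), off + 2 + n

def decode(log):
    """Map each dumped value to a readable form."""
    out = {}
    for label, data in hex_runs(log):
        tag, length, off = header(data)
        if tag == 0x30:                     # ContentInfo: SEQUENCE { OID, ... }
            _, oid_len, v = header(data, off)
            out[label] = (PKCS7.get(data[v:v + oid_len], "unknown"), length is None)
        else:                               # PrintableString (0x13) or raw bytes
            val = data[off:off + length]
            out[label] = val.decode("ascii") if tag == 0x13 else val.hex()
    return out
```

The `True` in each ContentInfo tuple marks BER indefinite length (`30 80`), the streaming form in which an implicitly tagged OCTET STRING may be carried as a constructed value made of several OCTET STRING segments.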