On Fri, 2003-03-21 at 14:46, Josdeyvi Russi wrote:
> Hi,
>  
> As I know, Cisco routers do not support https requests to a RA. Also,
> in the draft there is a mention about a http page with a .EXE file in
> a CGI script (pkiclient.exe). 
>  
i'm not part of openca but some hints anyway ;o)

this is just a name - so one simple thing would be
rename the cgi-script to pkiclient.exe ;o) 

scep doesn't support https and there is no need to use https
with scep... scep has been designed to work in non-secure
channels... 

the only thing you have to verify is in step one
the client receives the ca/ra/chain certificates
then you have to check the fingerprint of the ca
certificate out of band... 
(but this is a common problem, if you deal with security )

and verify the ra/chain certs against the root-ca cert
but usually cisco routers should do this automatically
just the fingerprint check is up to u

> How do you pretend to implement the SCEP interface, as the RA
> interface from openca is in https? Is any test being done already? Do
> you need help? We have here a lab with Cisco routers and PIX, and I
> can certainly help with the tests.

great - i'm also just about testing - and improving/fixing massimiliano's
scep code so far... because the code isn't finished - especially the
generated responses are not working correctly

but would be great if we could work out this together ;o)
i can send you next week, some code fixes, i have done so far

i have also started to complete the perl-cgi-interface for scep
so it now generates a pending reply to client requests, but like
mentioned above, those replies are not working correctly at the
moment

and i also have a pix here for testing purposes

annotation: do you have the pkcs10 requests working with openca?

greetings
dalini
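
Added example, not part of the original message or of OpenCA's code: a minimal Python sketch of the out-of-band fingerprint check described above, applied to the CA certificate a SCEP client received in step one. The function names, the length-based choice of digest algorithm and the sample bytes are assumptions made for illustration.

```python
import base64
import hashlib
import hmac
import re

# Assumption: the digest algorithm is inferred from the hex length of the value
# obtained out of band (32 = MD5, 40 = SHA-1, 64 = SHA-256).
ALGS = {32: "md5", 40: "sha1", 64: "sha256"}

# Constructed stand-in bytes, NOT a real certificate; a fingerprint is simply a
# hash over the certificate's DER encoding, so any byte string shows the logic.
SAMPLE_DER = b"\x30\x82\x01\x0a" + b"constructed stand-in for DER certificate bytes"

def pem_to_der(pem: str) -> bytes:
    """Return the DER bytes of the first CERTIFICATE block in a PEM string."""
    m = re.search(r"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", pem, re.S)
    if not m:
        raise ValueError("no PEM certificate block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def normalize(fp: str) -> str:
    """Drop separators (colon, space, dot, dash) and lowercase a typed fingerprint."""
    cleaned = re.sub(r"[\s:.-]", "", fp).lower()
    if not re.fullmatch(r"[0-9a-f]+", cleaned) or len(cleaned) not in ALGS:
        raise ValueError("fingerprint is not an MD5/SHA-1/SHA-256 hex digest")
    return cleaned

def ca_cert_matches(der: bytes, out_of_band_fp: str) -> bool:
    """True only if the received CA cert hashes to the out-of-band fingerprint."""
    expected = normalize(out_of_band_fp)
    actual = hashlib.new(ALGS[len(expected)], der).hexdigest()
    return hmac.compare_digest(actual, expected)

if __name__ == "__main__":
    good = hashlib.sha1(SAMPLE_DER).hexdigest().upper()
    print("match:", ca_cert_matches(SAMPLE_DER, good))
    print("tampered:", ca_cert_matches(SAMPLE_DER + b"\x00", good))
```

A malformed or truncated fingerprint raises `ValueError` instead of being compared, so a copy-and-paste error cannot pass as a match.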
