Michael,

1. Renaming or making a link to scep is fine for me. On this Cisco router you can only set the IP address, port number and path as options, and the IOS is adding "pkiclient.exe?operation=GetCACert&message=OpenCA HTTP/1.0"

2. On "operation" I got the following error message:

General error 700
Command serverInfo Not Supported (yet ?!?)

requesting the URL by browser:
http://192.168.0.195/cgi-bin/scep/scep?operation=scepGetCACert&message=OpenCA HTTP/1.0

3. On "GetCACert" I got the following error message:

General error 700
Command GetCACert Not Supported (yet ?!?)

http://192.168.0.195/cgi-bin/scep/scep?cmd=GetCACert&message=OpenCA HTTP/1.0

http://192.168.0.195/cgi-bin/scep/scep?cmd=scepGetCACert&message=OpenCA HTTP/1.0
is working fine.

I believe the mapping cmd to operation and scepGetCACert to GetCACert is broken.

Michael Weith

On Monday, 16 February 2004 12:20, Michael Bell wrote:
> Michael Weith wrote:
> > I have set up OpenCA for testing on suse9.0 as CA NODE LDAP RA PUB SCEP
> > apache2 and mysql.
> > openca-SNAP-20040205
> >
> > Test equipment for scep:
> > Cisco router 7206 and 1760 with IOS 12.3.5
> >
> > Cisco is requesting a certificate via scep with the following url, verified
> > by ethereal:
> >
> > http://192.168.0.195/cgi-bin/scep/pkiclient.exe?operation=GetCACert&message=OpenCA HTTP/1.0
> >
> > The scep server does not know the following parameters:
> >
> > pkiclient.exe rename or copy scep to pkiclient.exe in /cgi-bin/secp/
> > directory
> > operation is like cmd, cannot be changed in the cisco router
> > GetCACert is like scepGetCACert
>
> The link includes some mistakes:
>
> 1. We don't have a file pkiclient.exe. You must use
>
> http://192.168.0.195/cgi-bin/scep/scep
>
> pkiclient.exe is from Windows based systems. We used a Cisco VPN
> concentrator and there it is configurable.
>
> 2. It is not necessary to rename "operation" because we already do this.
>
> 3. GetCACert is supported as operation by OpenCA 0.9.2 snaps.
>
> So the major mistake is your Cisco configuration. pkiclient.exe is wrong.
>
> > with requesting from a browser the url:
> > http://192.168.0.195/cgi-bin/scep/scep?cmd=scepGetCACert&message=OpenCA%20HTTP/1.0 or
> > http://192.168.0.195/cgi-bin/scep/pkiclient.exe?cmd=scepGetCACert&message=OpenCA%20HTTP/1.0
> >
> > I get now a certificate with the name scep.0 (pkiclient.0) in PKCS7 DER
> > format.
>
> pkiclient.exe should not work with OpenCA (except you copied scep to
> pkiclient.exe).
>
> > For further testing with cisco router the scep server must understand
> > "operation" in the url.
>
> The SCEP server understands operation. We map it to cmd.
>
> Michael

_______________________________________________
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users
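The alias handling discussed in this thread, as an added example that is not part of the original messages and is not OpenCA's code (OpenCA is written in Perl; this is an independent Python sketch). The alias tables, the function name `normalize_scep_request` and the sample request lines are assumptions built from the names and URLs quoted above.

```python
from urllib.parse import urlsplit, parse_qs

# Assumed alias tables, taken from the names used in the thread:
# "operation" is treated like "cmd", "GetCACert" like "scepGetCACert".
PARAM_ALIASES = {"operation": "cmd"}
COMMAND_ALIASES = {"GetCACert": "scepGetCACert"}
SUPPORTED = {"scepGetCACert"}          # only the command discussed here
ENDPOINTS = {"scep", "pkiclient.exe"}  # pkiclient.exe only if copied/linked


def normalize_scep_request(request_line):
    """Return (cmd, message) for a request line, or raise ValueError."""
    parts = request_line.split()
    if len(parts) != 3 or parts[0] != "GET" or not parts[2].startswith("HTTP/"):
        raise ValueError("not a GET request line")
    url = urlsplit(parts[1])
    if url.path.rsplit("/", 1)[-1] not in ENDPOINTS:
        raise ValueError("unknown SCEP endpoint: " + url.path)
    query = {}
    for name, values in parse_qs(url.query, keep_blank_values=True).items():
        canonical = PARAM_ALIASES.get(name, name)
        # Reject "cmd" and "operation" together, or a repeated parameter,
        # instead of silently picking one of the conflicting values.
        if canonical in query or len(values) != 1:
            raise ValueError("duplicate parameter: " + canonical)
        query[canonical] = values[0]
    if "cmd" not in query:
        raise ValueError("missing cmd/operation parameter")
    # Map the command value as well as the parameter name, so every
    # spelling from the thread resolves to the same command.
    cmd = COMMAND_ALIASES.get(query["cmd"], query["cmd"])
    if cmd not in SUPPORTED:
        raise ValueError("Command %s Not Supported" % cmd)
    return cmd, query.get("message", "")


# Constructed request lines, built from the URLs quoted in the thread.
SAMPLES = [
    "GET /cgi-bin/scep/pkiclient.exe?operation=GetCACert&message=OpenCA HTTP/1.0",
    "GET /cgi-bin/scep/scep?operation=scepGetCACert&message=OpenCA HTTP/1.0",
    "GET /cgi-bin/scep/scep?cmd=GetCACert&message=OpenCA HTTP/1.0",
    "GET /cgi-bin/scep/scep?cmd=scepGetCACert&message=OpenCA HTTP/1.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(normalize_scep_request(line), "<-", line)
```

Parsing the full request line keeps the trailing `HTTP/1.0` out of the `message` value; the protocol version belongs to the request line, not to the query string.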
