Michael Portz wrote:

System: openca-0.9.2-RC3

Most things I tried so far worked nicely. Alas, SCEP is still
troubling me. Both a Cisco box and the sscep utility fail
the final step. They both get the CA-cert, they both launch
the request, but when the certificate is ready they both
fail. The Cisco box with a meaningless "ERROR" and sscep
(debug and verbose on) with

./sscep: cannot find requested certificate

This despite the fact that in the line before that
one it claimed:

./sscep: found certificate with
  subject: /C=de/L=Aachen/...
  issuer: /C=de/O=...

When I check the PEM formatted PKCS#7 reply from OpenCA
with "openssl pkcs7" or "openssl asn1parse" I can't see
any certificate contents either (esp. the digital signature
is missing). Any known problems here?

First, there is a tool openca-scep which is part of the OpenCA 0.9.2 series. We use this tool to handle all the SCEP stuff. It uses OpenSSL's command-line syntax. You can use it to print a SCEP message:


openca-scep -in msg.txt -text -noout

After this you should see the complete content of the container.

Second, I don't know what is with your Cisco equipment, but sscep is really sensitive to the subject of the certificate. If the subject of the issued certificate does not match the subject in the request then sscep does not accept the certificate.

Another question: did you install the correct CA certificate for sscep?

Actually I have no Cisco equipment available for testing, so I cannot try to reproduce the error.

Michael
--
-------------------------------------------------------------------
Michael Bell                   Email: [EMAIL PROTECTED]
ZE Computer- und Medienservice            Tel.: +49 (0)30-2093 2482
(Computing Centre)                        Fax:  +49 (0)30-2093 2704
Humboldt-University of Berlin
Unter den Linden 6
10099 Berlin                   Email (private): [EMAIL PROTECTED]
Germany                                       http://www.openca.org



_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
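
The subject comparison mentioned in the reply above, as an added example that is not part of the original messages or of OpenCA or sscep: a shell check, built on the standard `openssl req` and `openssl x509` commands, that an issued certificate carries the same subject as the PKCS#10 request. The function names, file names and sample subjects are constructed for illustration, and sscep's own comparison may differ in detail.

```shell
#!/bin/sh
# Added example: compare the subject DN of a PKCS#10 request with the
# subject DN of the certificate the CA issued for it.

# Print the subject of a PEM file in RFC 2253 form.
# $1 = "req" (request) or "x509" (certificate), $2 = path to the PEM file.
subject_of() {
    openssl "$1" -in "$2" -noout -subject -nameopt RFC2253 2>/dev/null |
        sed -e 's/^subject= *//'
}

# Return 0 when both subjects are identical, 1 when they differ,
# 2 when one of the files could not be parsed.
# $1 = request (PEM), $2 = issued certificate (PEM).
subjects_match() {
    req_subject=$(subject_of req "$1")
    cert_subject=$(subject_of x509 "$2")
    if [ -z "$req_subject" ] || [ -z "$cert_subject" ]; then
        echo "could not read subject from $1 or $2" >&2
        return 2
    fi
    if [ "$req_subject" = "$cert_subject" ]; then
        return 0
    fi
    echo "request subject:     $req_subject" >&2
    echo "certificate subject: $cert_subject" >&2
    return 1
}

# Write constructed sample files into directory $1: a request, a
# certificate that keeps the requested subject, and a certificate whose
# subject was changed at issuance (the case described in the reply).
make_samples() {
    openssl req -new -newkey rsa:2048 -nodes -keyout "$1/key.pem" \
        -subj "/C=de/L=Aachen/CN=router1.example" \
        -out "$1/req.pem" 2>/dev/null
    openssl x509 -req -in "$1/req.pem" -signkey "$1/key.pem" -days 1 \
        -out "$1/same.pem" 2>/dev/null
    openssl req -x509 -new -key "$1/key.pem" -days 1 \
        -subj "/C=de/O=Example/CN=router1.example" \
        -out "$1/changed.pem" 2>/dev/null
}
```

Run `subjects_match req.pem cert.pem` on the request the client sent and the certificate extracted from the CA's reply; on a mismatch both subjects are printed to stderr so the differing attribute is visible.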
