Hi, I have running scep fine with Cisco IOS 12.3.6. This IOS have problem with some X509v3 extensions. Therefore I create a new role for the cisco router and comment all out in file ../etc/openssl/extfiles/***.ext except nsCertType = server. (I don't verified all the options) Accordingly the cisco router accept the signed certificate.
After the Cebit I will verify with cisco about the X509v3 extensions. Hope this helps Michael Weith > Michael Bell wrote: > > > Michael Portz wrote: > > > >> Michael Bell wrote: > >> > >>> Second I don't know what is with your Cisco equipment but sscep is > >>> really sensitive for the subject of the certificate. If the subject > >>> of the issued certificate does not match the subject in the request > >>> then sscep does not accept the certificate. > >>> > >> > >> Hmmm...the only difference I notice between the requests subject and > >> the ceritificates subject is the serial number: > >> > >> request: > >> Subject: C=de, L=Aachen, O=accom GmbH u. Co KG, CN=dummy.dummy.net > >> > >> certificate > >> subject: /C=de/L=Aachen/O=accom GmbH u. Co > KG/CN=dummy.dummy.net/SN=10 > >> > >> That cant be it, or? > > > > > > This is the problem. SSCEP needs an exact match. To get a successful > > enrollment you must deactivate the addition of the serialnumber in > > OpenCA's configuration. > > > > Michael > > Yepp..confirmed: This was the problem with the sscep. It�s up and running > fine now. Alas the configuration change did not help with the problems > with the Cisco Concentrator...yet :) > > Thanks a lot > T.o.Michael > > > -- > accom GmbH & Co. KG > Gruener Weg 100 > 52070 Aachen > > Tel: +49 241 918 5228 > Fax: +49 241 918 5299 > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system -- +++ NEU bei GMX und erstmalig in Deutschland: T�V-gepr�fter Virenschutz +++ 100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
