Ok, but here we don't use Cisco... Someone know about any other configuration that I can check??
Thanks, Andr�a. ----- Original Message ----- From: "Michael Weith" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Thursday, March 18, 2004 9:55 AM Subject: Re: [Openca-Users] SCEP requests failing > Hi, > > I have running scep fine with Cisco IOS 12.3.6. This IOS have problem with > some X509v3 extensions. > Therefore I create a new role for the cisco router and comment all out in > file ../etc/openssl/extfiles/***.ext except nsCertType = server. (I don't > verified all the options) > Accordingly the cisco router accept the signed certificate. > > After the Cebit I will verify with cisco about the X509v3 extensions. > > Hope this helps > > Michael Weith > > > > Michael Bell wrote: > > > > > Michael Portz wrote: > > > > > >> Michael Bell wrote: > > >> > > >>> Second I don't know what is with your Cisco equipment but sscep is > > >>> really sensitive for the subject of the certificate. If the subject > > >>> of the issued certificate does not match the subject in the request > > >>> then sscep does not accept the certificate. > > >>> > > >> > > >> Hmmm...the only difference I notice between the requests subject and > > >> the ceritificates subject is the serial number: > > >> > > >> request: > > >> Subject: C=de, L=Aachen, O=accom GmbH u. Co KG, CN=dummy.dummy.net > > >> > > >> certificate > > >> subject: /C=de/L=Aachen/O=accom GmbH u. Co > > KG/CN=dummy.dummy.net/SN=10 > > >> > > >> That cant be it, or? > > > > > > > > > This is the problem. SSCEP needs an exact match. To get a successful > > > enrollment you must deactivate the addition of the serialnumber in > > > OpenCA's configuration. > > > > > > Michael > > > > Yepp..confirmed: This was the problem with the sscep. It�s up and running > > fine now. Alas the configuration change did not help with the problems > > with the Cisco Concentrator...yet :) > > > > Thanks a lot > > T.o.Michael > > > > > > -- > > accom GmbH & Co. KG > > Gruener Weg 100 > > 52070 Aachen > > > > Tel: +49 241 918 5228 > > Fax: +49 241 918 5299 > > > > > > ------------------------------------------------------- > > This SF.Net email is sponsored by: IBM Linux Tutorials > > Free Linux tutorial presented by Daniel Robbins, President and CEO of > > GenToo technologies. Learn everything from fundamentals to system > > -- > +++ NEU bei GMX und erstmalig in Deutschland: T�V-gepr�fter Virenschutz +++ > 100% Virenerkennung nach Wildlist. Infos: http://www.gmx.net/virenschutz > > > > ------------------------------------------------------- > This SF.Net email is sponsored by: IBM Linux Tutorials > Free Linux tutorial presented by Daniel Robbins, President and CEO of > GenToo technologies. Learn everything from fundamentals to system > administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click > _______________________________________________ > Openca-Users mailing list > [EMAIL PROTECTED] > https://lists.sourceforge.net/lists/listinfo/openca-users > ------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
