i would say - nothing went actually wrongHas anybody an idea what went wrong with this enrollment. Why can't the pix construct a certificate chain?
the chain warning will occur it the ra cert is first one in the pkcs#7 file - so when it gets installed at the pix - the self-signed-ca-cert isn't known - so there can't be a verification
i will have a look at the code which builds the pkcs#7 file, in which order the certs get added to it...
but if you can see the certs - than the pix has installed them, and usally they are marked as active - so they are usable
it could also be possible, since no fingerprint is provided, that the pix doesn't know - if it can trust the selfsigned ca-cert, this warning usally only is shown in debugging modus - so i think the first reason may be the source for this warning
--------
so with the enrollment itself anythings seemes to be ok so far, till this openssl error, because the pix gets the expected pending answer through scep - which also shown in your debigging informations
so there is just some problem with issuing the certificate at the ca
> If i try to issue the certificate with the given request following > error encounters: > Error 6761 > General Error. Error while issuing Certificate to (filename: > /usr/local/openca/var/tmp/0C.req). > OpenCA::OpenSSL returns errocode 7731075 (OpenCA::OpenSSL->issueCert: > OpenSSL fails (256). )..
this lookes like an configuration error inside the openssl config files
means the extfiles or the openssl files itself - see the subdirectories below .../etc/openssl/ either openssl or extfiles
so - some questions arise at this point:
which role did you assign to the certificate? usaly it should be vpn-gateway (or something own?)
did you edit the request somehow before trying to issue the certificate?
usally it is a good idea to set the dns and/or the ip adress at the subject-alternative-name of the cert as to adapt the dn if needed to meet some organisational preferences like extra ou and so on...
greetings dalini
------------------------------------------------------- This SF.Net email is sponsored by: IBM Linux Tutorials Free Linux tutorial presented by Daniel Robbins, President and CEO of GenToo technologies. Learn everything from fundamentals to system administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
