Hi,

has anybody on this list experience with OpenCA as a Sub-CA with respect to SCEP? We already have an established PKI and I want to use the OpenCA as a Sub-CA for PIX firewalls within our PKI.

So I have installed OpenCA-0.9.2-RC3 as a Sub-CA and imported a certificate issued by our root CA. Then I signed a certificate for myself as CA admin and I also use this cert for the SCEP interface. The config on the PIX is as follows:

    ca identity test-ca 10.20.0.4:/cgi-bin/scep/scep
    ca configure test-ca ra 1 20 crloptional
    ca authenticate test-ca

So I got the following error messages (debug crypto ca):

    CRYPTO_PKI: WARNING: A certificate chain could not be constructed while selecting certificate status
    CRYPTO_PKI: Error: Code 0x0000 while selecting self signed certificate
    CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while verifying cert in message by issuer self-signed cert
    CRYPTO_PKI: WARNING: A certificate chain could not be constructed while selecting certificate status
    CRYPTO_PKI: Error: Code 0x0000 while selecting self signed certificate
    CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while verifying cert in message by issuer self-signed cert
    CRYPTO_PKI: status = 324: failed to verify
    CRYPTO_PKI: transaction GetCACert completed

I captured the traffic between the PIX and the OpenCA, and the reply from the OpenCA looks like the root-ca-cert, Sub-CA-cert and the RA-cert have been sent to the PIX. However, the PIX was probably not able to find out the certs or keys.

My questions: does anybody know whether it is possible to use OpenCA as a Sub-CA for SCEP? And how can I get more debugging information from the OpenCA side?

Any idea would be appreciated.

Best regards,
Yang

_______________________________________________
Openca-Users mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/openca-users
