Konstantin Khrooschev wrote:
hi all! i'm trying to use openca with cisco equipment i've deploy canonical 3-server scheme (ca, ra, pub/scep). it seems working correctly with my mozilla browser. (i've requested and got my browser certificate).
ok first: why ist there an: In-Reply-To: <[EMAIL PROTECTED]> in your message and i get this request threaded in the wrong thread?
so general hint for everybody ,o):
if you start a new topic - please don't do it in reply to an old message thx...
-----------------
ok, first thinks first:
which versions you are using?
for openca i asume 0.9.2 (since 0.9.1 doesn't have scep support)
but it would be good to know if a RC is used or cvs and around which date this got downloaded...
openssl? please don't say 0.9.7d - wouldn't be a good idea
since there pkcs#7 support is broken (partly), but this doesn't seemes to be the case
so lets see - since you are using ra system, and you didn't post router configuration - is the router setup for an ca-only or for ra-ca system?
cisco has two different modes - afair...
(but from log-output this seemes to be ok)
to verfiy the scep installation is working properly - i suggest the usage of sscep to check - if this is working, we can asume the scep part at open-ca to be fine and correct setuped
then there may be a problem at the cisco part of the game
the logging of your router looks like the openssl-version could be finde, since the first pending-message can be verified and the status extracted...
the second reply is only: received msg of 215 bytes
which is kind a small... so it would be interesting to see, if the open-ca installation itself is fine => sscep
since all other steps seem to be working (installation of the ca-ra-certs and the first pending reply)
sometimes it helps - just to rerequest the certificate - if the first request fails... you may give this a try to
so for the moment i don't have any additional ideas...
we had quite a lot of changes for the recent cvs version, i didn't do some testing of the very up to date code-base with cisco equipment, since some main issues have been resolved for crr stuff, i will do some extensive testing today i think... and check if the scep-part still works, like it should
(i really should put an cisco faq for scep to the open-ca guide ,)
greetings dalini
--
Ives Steglich Email: [EMAIL PROTECTED]
System Administration Tel.: +49 (0)3677 - 69 4382/4383
Fax: +49 (0)3677 - 69 4399Fraunhofer Institute for Digital Media Technology Langewiesener Strasse 22 98693 Ilmenau Email (private): [EMAIL PROTECTED] Germany http://www.openca.org
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
