thank you for your participation.
Ives Steglich wrote:
ok first: why ist there an: In-Reply-To: <[EMAIL PROTECTED]>
in your message and i get this request threaded in the wrong thread?
sorry, i didn't think about this. will try to be smarter
ok, first thinks first:
which versions you are using?
for openca i asume 0.9.2 (since 0.9.1 doesn't have scep support)
exactly :-) openca-0.9.2-RC5
but it would be good to know if a RC is used or cvs and around which date this got downloaded...
openssl? please don't say 0.9.7d - wouldn't be a good idea
since there pkcs#7 support is broken (partly), but this doesn't seemes to be the case
ok, downgraded to 0.9.6l. didn't help :-(
so lets see - since you are using ra system, and you didn't post router configuration - is the router setup for an ca-only or for ra-ca system?
cisco has two different modes - afair...
i did post router configuration :)
newer ioses permit to concentrate all ca directives under "crypto ca trustpoint".
and of cource i tryed both modes. with the same result. :-(
(but from log-output this seemes to be ok)
to verfiy the scep installation is working properly - i suggest the usage of sscep to check - if this is working, we can asume the scep part at open-ca to be fine and correct setuped
wil try, thank you.
then there may be a problem at the cisco part of the game
the logging of your router looks like the openssl-version could be finde, since the first pending-message can be verified and the status extracted...
the second reply is only: received msg of 215 bytes
which is kind a small... so it would be interesting to see, if the open-ca installation itself is fine => sscep
since all other steps seem to be working (installation of the ca-ra-certs and the first pending reply)
sometimes it helps - just to rerequest the certificate - if the first request fails... you may give this a try to
tryed many times before and after writing here.
so for the moment i don't have any additional ideas...
we had quite a lot of changes for the recent cvs version, i didn't do some testing of the very up to date code-base with cisco equipment, since some main issues have been resolved for crr stuff, i will do some extensive testing today i think... and check if the scep-part still works, like it should
hopefully waiting :-) thanks anyway.
-- Konstantin Khrooschev. RTS Stock Exchange. Network Department.
------------------------------------------------------- This SF.Net email is sponsored by BEA Weblogic Workshop FREE Java Enterprise J2EE developer tools! Get your free copy of BEA WebLogic Workshop 8.1 today. http://ads.osdn.com/?ad_id=4721&alloc_id=10040&op=click _______________________________________________ Openca-Users mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/openca-users
