Martin Bartosch wrote:
Hi,

usually i used sscep with the config file and this worked fine so far
OK, haven't tried this yet.

try the sscep.conf file from the posting i mentioned, of course you have
to adapt paths and so on ;)... but that's clear i guess

OK, I do NOT have an RA certificate, instead I am using a certificate
I created solely for the SCEP Interface. If I understand the code
correctly, it should not be necessary to use the RA certificate.

yes, but for ease of use, i usually tell ppl to generate 'a ra certificate', means ssl-web-server cert, should work with scep-interface (to choose from the predefined roles, most ppl won't start up with generating new profiles)... of course it should work with a selfmade role policy too

        <option>
            <name>SCEP_RA_CERT</name>
            <value>/usr/local/openca-0.9.2/etc/scep/scep-cert.pem</value>
        </option>
        <option>
            <name>SCEP_RA_KEY</name>
            <value>/usr/local/openca-0.9.2/etc/scep/scep-key.pem</value>
        </option>
        <option>
            <name>SCEP_RA_PASSWD</name>
            <value>xxxx</value>
        </option>

ähm yes, i think that's the problem on openca side ;)
don't hit me, but i think the passwd stuff doesn't work right with the current scep implementation, means, the key shouldn't be encrypted. i haven't dug this down in the scep-code yet, either it's completely missing code, or somehow faulty...


the 'reason' why it's not fixed yet is, since the config is readable by apache user and the pwd too, it doesn't make a huge difference if one puts the key unencrypted on the filesystem just readable for the apache or pki user... whatever is needed, or encrypt it and put plaintext pwd in config... (but i should add a comment about this in the config file - right)

so if u remove the pwd and unencrypt the key in file, it should work
(i hope)

greetings
dalini
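
An added example, not part of the original message and not OpenCA code: a small audit of the trade-off discussed above, reporting whether the SCEP key is passphrase-protected, whether the passphrase sits in plaintext in the config, and whether either file is accessible beyond its owner. It assumes the config is read as the `<option>` fragment quoted above and an owner-only permission policy; the function names and the sample files are constructed for illustration.

```python
import os, stat, tempfile
import xml.etree.ElementTree as ET

def parse_options(fragment):
    """Map <name> to <value> for each <option> element in the config fragment."""
    root = ET.fromstring("<root>" + fragment + "</root>")
    return {o.findtext("name", "").strip(): o.findtext("value", "").strip()
            for o in root.iter("option")}

def key_is_encrypted(pem):
    # Traditional OpenSSL PEM carries a Proc-Type header; PKCS#8 uses its own label.
    return "Proc-Type: 4,ENCRYPTED" in pem or "BEGIN ENCRYPTED PRIVATE KEY" in pem

def too_open(path):
    # Assumed policy: owner-only access, so any group/other bit is a finding.
    return bool(stat.S_IMODE(os.stat(path).st_mode) & 0o077)

def audit(config_path):
    with open(config_path) as f:
        opts = parse_options(f.read())
    key_path, passwd = opts.get("SCEP_RA_KEY", ""), opts.get("SCEP_RA_PASSWD", "")
    with open(key_path) as f:
        encrypted = key_is_encrypted(f.read())
    findings = []
    if encrypted and passwd:
        findings.append("encrypted key, passphrase stored in plaintext in config")
    elif encrypted:
        findings.append("encrypted key, no passphrase configured")
    elif passwd:
        findings.append("passphrase configured but key is not encrypted")
    for label, path in (("config", config_path), ("key", key_path)):
        if too_open(path):
            findings.append(label + " file accessible beyond its owner")
    return findings

def demo():
    # Constructed sample files; the key body is a placeholder, not real key material.
    d = tempfile.mkdtemp()
    key, cfg = os.path.join(d, "scep-key.pem"), os.path.join(d, "scep.xml")
    with open(key, "w") as f:
        f.write("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n\nPLACEHOLDER\n"
                "-----END RSA PRIVATE KEY-----\n")
    with open(cfg, "w") as f:
        f.write("<option><name>SCEP_RA_KEY</name><value>%s</value></option>"
                "<option><name>SCEP_RA_PASSWD</name><value>xxxx</value></option>" % key)
    os.chmod(key, 0o600)
    os.chmod(cfg, 0o644)
    return audit(cfg)

if __name__ == "__main__":
    print("\n".join(demo()))
```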



