Hi Marc,

as Ives pointed out, you need to make sure that you have configured your SCEP RA certificate and the corresponding private key properly. Make sure the certificate key usage is appropriate for SCEP. I am using a certificate with the following key usage successfully: Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment.
Get it going with an unencrypted private key first. IIRC OpenCA may complain if you do NOT set SCEP_RA_PASSWD in config.xml, so try to insert a dummy value here (even if the private key is not encrypted). It works for me this way, but it is not what you would expect, I guess.

> I'm not sure what the PIX is trying to verify, but whatever it is, it's
> failing. I've looked through the scripts, but my limited knowledge of Perl
> is unable to fully follow the process and discover where it's failing.
>
> How can I enable debugging on the SCEP process, and where would I look for
> logs to aid in troubleshooting?

Unfortunately there is no debugging or logging code in the current SCEP code, so you cannot easily find out what goes wrong. However, many people are using OpenCA SCEP successfully with Cisco gear, so my advice is to make double sure that you have configured the correct certificate for SCEP as described above.

If your problem persists, please address me in private; I can provide you with a replacement for the scepPKIOperation script for testing that includes some logging and debugging. It is not yet ready for inclusion into CVS, though.

Martin
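A pre-flight check for the two points raised in this message, as an added example (not part of the original message and not OpenCA code): it reads the text printed by `openssl x509 -noout -text` for the RA certificate and the private key PEM, then reports key usages missing relative to the set listed in the message and whether the key is passphrase-protected. The function names and the sample inputs are constructed for illustration, and using the message's key usage list as the reference set is an assumption.

```python
import re
# Key usage set the message reports as working for the SCEP RA certificate.
# Using it as the reference set is an assumption of this example.
REFERENCE_USAGE = {"Digital Signature", "Non Repudiation",
                   "Key Encipherment", "Data Encipherment"}

def key_usage(x509_text):
    """Key usage names from `openssl x509 -noout -text` output (empty if absent)."""
    lines = x509_text.splitlines()
    for i, line in enumerate(lines[:-1]):
        # Exact extension name, so "X509v3 Extended Key Usage" is not matched.
        if line.strip().startswith("X509v3 Key Usage:"):
            return {u.strip() for u in lines[i + 1].split(",") if u.strip()}
    return set()

def key_is_encrypted(pem_text):
    """True for PKCS#8 encrypted keys and traditional PEM with a Proc-Type header."""
    if "-----BEGIN ENCRYPTED PRIVATE KEY-----" in pem_text:
        return True
    return re.search(r"^Proc-Type:\s*4,ENCRYPTED", pem_text, re.M) is not None

def check_ra(x509_text, key_pem):
    """Return a list of findings; an empty list means both checks passed."""
    findings = []
    missing = sorted(REFERENCE_USAGE - key_usage(x509_text))
    if missing:
        findings.append("key usage missing: " + ", ".join(missing))
    if key_is_encrypted(key_pem):
        findings.append("private key is passphrase-protected")
    return findings

# Constructed sample inputs (not taken from any real certificate or key).
CERT_OK = """        X509v3 extensions:
            X509v3 Key Usage: critical
                Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment
"""
CERT_SIGN_ONLY = """        X509v3 extensions:
            X509v3 Extended Key Usage:
                TLS Web Server Authentication
            X509v3 Key Usage:
                Digital Signature
"""
KEY_PLAIN = "-----BEGIN RSA PRIVATE KEY-----\n(base64 omitted)\n-----END RSA PRIVATE KEY-----\n"
KEY_ENC = ("-----BEGIN RSA PRIVATE KEY-----\nProc-Type: 4,ENCRYPTED\n"
           "DEK-Info: DES-EDE3-CBC,0000000000000000\n\n(base64 omitted)\n"
           "-----END RSA PRIVATE KEY-----\n")
if __name__ == "__main__":
    for cert, key in ((CERT_OK, KEY_PLAIN), (CERT_SIGN_ONLY, KEY_ENC)):
        print(check_ra(cert, key) or "ok")
```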
