Hi,
i have some trouble with my sceo installation.
My System:
-----------------------------------------
Ubuntu Linux on Intel
Openca 0.9.2.2
Openssl 0.9.7d
Installtion according the Howto from dartmouth
(with Ca and RA on one PC in two folders)
---------------------------------------
My installation is work for browser certificates and so on (over the web
interface).
But scep doesnt work.
I have createt a webserver certificate an opened it with the RA interface an
PKCS 8 so i could copy an paste the certification part and the key part. I copy
the two parts in two files, one for cert and one for key. My the config.xml
point on the two files
------------------------------------------------
<option>
<name>SCEP_RA_CERT</name>
<value>/usr/local/ra/openca/var/crypto/scep2.pem</value>
</option>
<option>
<name>SCEP_RA_KEY</name>
<value>/usr/local/ra/openca/var/crypto/scep2key.pem</value>
</option>
<option>
<name>SCEP_RA_PASSWD</name>
<value></value>
</option>
----------------------------------------------------
If i use SSCEPs \"getca\" i got two certificates (one for CA and my one
created webserver certificate).
After then i use \"enroll\" an i got :
-----------------------------------------------
./sscep: starting sscep, version 20030417
./sscep: hostname: 172.16.98.92
./sscep: directory: cgi-bin/scep/scep
./sscep: port: 80
./sscep: new transaction
./sscep: transaction id: E77CB51B9884612B8C07430409CBEE1A
./sscep: generating selfsigned certificate
./sscep: SCEP_OPERATION_ENROLL
./sscep: sending certificate request
./sscep: creating inner PKCS#7
./sscep: data payload size: 383 bytes
Segmentation fault
--------------------------------
In this case i think its eventually caused bei my openssl version 0.9.7d
according some posts in the internet.
But in additon my Netscreen 208 isnt work with openca scep.
Here i got the ca certificate too. But after then nothing.
In Openca stderr.log i find these after \"open_start\" and one test with
netscreen:
-----------------------------------Process Backgrounded
2005/04/05-09:21:05 OpenCA::Server (type Net::Server::Fork) starting! pid(12965)
Binding to UNIX socket file /usr/local/ra/openca/var/tmp/openca_socket using
SOCK_STREAM
Setting gid to \"33 33\"
Setting uid to \"33\"
Error loading private key
13447:error:09067068:PEM routines:PEM_ASN1_read_bio:bad password
read:pem_pkey.c:106:
Error loading private key
13449:error:09067068:PEM routines:PEM_ASN1_read_bio:bad password
read:pem_pkey.c:106:
723701: Der Zertifikatsantrag konnte nicht aus der SCEP-Nachricht extrahiert
werden!
723717: Interner Fehler bei der Antragsbearbeitung
Error loading private key
13450:error:09067068:PEM routines:PEM_ASN1_read_bio:bad password
read:pem_pkey.c:106:
Error loading private key
13451:error:09067068:PEM routines:PEM_ASN1_read_bio:bad password
read:pem_pkey.c:106:
--------------------------------------
I hope anyone can help me
Thanks
and sorry for my bad english
Sniper
www.mails.at - Der kostenlose E-Mail Anbieter
-------------------------------------------------------
SF email is sponsored by - The IT Product Guide
Read honest & candid reviews on hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
