Tom Tim wrote: > Hi, > > i have some trouble with my sceo installation. > > My System: > ----------------------------------------- > Ubuntu Linux on Intel > Openca 0.9.2.2 > Openssl 0.9.7d this openssl version is known to have some problems ;) expecially in the pkcs#7 stuff, which is used for scep
> Installtion according the Howto from dartmouth > (with Ca and RA on one PC in two folders) > --------------------------------------- > My installation is work for browser certificates and so on (over the web > interface). > But scep doesnt work. > let's see > If i use SSCEPs \"getca\" i got two certificates (one for CA and my one > created webserver certificate). > After then i use \"enroll\" an i got : > ----------------------------------------------- > ./sscep: starting sscep, version 20030417 > ./sscep: hostname: 172.16.98.92 > ./sscep: directory: cgi-bin/scep/scep > ./sscep: port: 80 > ./sscep: new transaction > ./sscep: transaction id: E77CB51B9884612B8C07430409CBEE1A > ./sscep: generating selfsigned certificate > ./sscep: SCEP_OPERATION_ENROLL > ./sscep: sending certificate request > ./sscep: creating inner PKCS#7 > ./sscep: data payload size: 383 bytes > Segmentation fault > -------------------------------- > In this case i think its eventually caused bei my openssl version 0.9.7d > according some posts in the internet. yes this seemes quite resonable, and i think martin mentioned it, that sscep doesn't work quite well with openssl-0.9.7d or e, i'm not sure about this ;(, i think 0.9.7c is working with sscep > But in additon my Netscreen 208 isnt work with openca scep. > Here i got the ca certificate too. But after then nothing. > hmm, since the openssl 0.9.7d is broken (for the pkcs#7) the scep interface of openca can't work properly - you should test it with an 0.9.7c for example (you may install a separate openssl version, for testing with openca) - i just don't remember if there was a patch for 0.9.7d to fix the broken pkcs#7 problems... > Error loading private key > 13447:error:09067068:PEM routines:PEM_ASN1_read_bio:bad password > read:pem_pkey.c:106: > Error loading private key > 13449:error:09067068:PEM routines:PEM_ASN1_read_bio:bad password > read:pem_pkey.c:106: > 723701: Der Zertifikatsantrag konnte nicht aus der SCEP-Nachricht extrahiert > werden! > 723717: Interner Fehler bei der Antragsbearbeitung > Error loading private key > 13450:error:09067068:PEM routines:PEM_ASN1_read_bio:bad password > read:pem_pkey.c:106: > Error loading private key > 13451:error:09067068:PEM routines:PEM_ASN1_read_bio:bad password > read:pem_pkey.c:106: hmm, ist the key used for scep encrypted? so there may be a problem if you don't set the key-passphrase in the scep-configuration of openca? but this error may also be related to the broken openssl i'm not sure greetings dalini ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
