> Tom Tim wrote: > > > I have now a second installtion on the same machine linked with openssl > > 0.97f. > > SSCEP have the same fauilure but i dont now how i can control with openssl > > are linked, so it is posible that sscep use the old version. > > > you can check this with: ldd - looks then like this for example: > ldd sscep > libcrypto.so.0.9.7 => not found > libc.so.6 => /lib/tls/libc.so.6 (0x00675000) > /lib/ld-linux.so.2 (0x0065c000) > > NAME > ldd - print shared library dependencies > > SYNOPSIS > ldd [OPTION]... FILE... > > DESCRIPTION > ldd prints the shared libraries required by each program or > shared library specified on the command line. > > > > But Netscreen goes two steps forward. > > 1. I use a Challange Password, i forgot in the old tests :-( > > 2. openca use openssl 0.97f > > => Now i can send a reqest and receive it on the RA/CA. > > But after creating the certivicate i cant receive the certificate > > with the n > > netscreen. I use the \\\"Retrieve\\\" Button but no certificate is > > coming :-( > > I have no errorlog entrie in the RA/CA. > > i don\'t know how what you mean by the \'retrieve\' button? > how does a netscreen work? > > > greetings > dalini
Now i have made a complete new installation of linux with openssl 0.9.7f. But sscep doesnt work (same failure as before). And Netscreen behavior is like my description above. In terms of Netscreen: According the \"OpenCA Guide for 0.9.2+\" there are the following way to succeed. ---------------------------------------------------------------------------------------- OpenCA\'s SCEP service is tested with NetScreen NS-208. NetScreen\'s SCEP implementation sends SCEP messages in base64 but without any newlines. Now OpenCA can handle this too. First you have to install the complete CA chain. You have to go to objects and then to certificates. Here you must set the option Show to CA. Now you can upload the CA certificates via browse and load. After you uploaded the complete chain please go to the end user CA and click on Server Settings. The interface is a little bit mistakable because it display the issuer and in this field you find the link to configure the CA. RA CGI and CA CGI must be set to OpenCA\'s SCEP interface. The address is something like http://scep.mypki.org/cgi-bin/scep/scep. If you want to be consequent then please check the advanced settings to be correct for your environment. It is recommended to set at minimum the field Certificate Renew to seven days. Finally click on OK to save the settings. This can take some time. Now it\'s time to make the request. Change Show from CA to Local and click on New. Enter all required informations and choose at minimum a keylength of 1024 bit - smaller keylengths are a security risk. If you finished then click Generate to create the key and request. Due to the slow hardware it can take some time. If you see the request then select the checkboxes Automatically enroll to and Existing CA server settings. Select the appropriate CA which you configured for SCEP and click on OK. This will submit the request. If the certificate was issued go to the web interface of your NetScreen box. Go to objects and then to certificates. Here you must set the option Show to Local. Click on Retrieve to check for the certificate. ----------------------------------------------------------------------------------------------- I mean the last line by \"click on retrieve button\". Hope anyone can help. I havent more ideas. www.mails.at - Der kostenlose E-Mail Anbieter ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
