> Ives Steglich wrote:
>
> > http://pki.fem.tu-ilmenau.de/operating/004/scep/scep
> sorry - it should be:
> http://pki.fem.tu-ilmenau.de/operating/004/pub/cgi-bin/scep/scep
>
> greetings
> dalini
>

Oh, thanks a lot,
one question first of all: is the certificate issued automatically by your CA?

Here is my trace from Netscreen. Both traces were caused by the "exec pki x509 scep id" command!!!
Beforehand I get a CA certificate and make a request.

First with my CA:
------------------------------------------------------
## 14:20:50 : exec_scep_auth_cli: id=194380036 which0=13 which1=2 cfg_mode<0> mask<00000000>
## 14:20:50 : webNotifyPki: from<1> wCmd=f00b vSysCtx=2200010
## 14:20:50 : processPkiRequest cmd=a
## 14:20:50 : webReqHandler
## 14:20:50 : scep_start: key_id<194380036> ca_id<-2>
## 14:20:50 : lib=13 func=107 reason=121 file=../../asn1/asn1_lib.c line=106 get subject alt name construct err, len <0>.
## 14:20:50 : lib=13 func=223 reason=101 file=../../x509/x509_ext.c line=263
## 14:20:50 : lib=13 func=107 reason=121 file=../../asn1/asn1_lib.c line=106 get subject alt name construct err, len <0>.
## 14:20:50 : lib=13 func=223 reason=101 file=../../x509/x509_ext.c line=263
## 14:20:50 : PKI SCEP: use default ca-identity <any>, <00000000>.
## 14:20:50 : scep_LDAP_Init: new cookie
## 14:20:50 : new_nonce_hash data = 0 len = 0
## 14:20:50 : scep_start: PLDAP_STATE instance<02178428>
## 14:20:50 : scep_reset_url: CGI_PATH=http://172.16.98.92/cgi-bin/scep/scep
## 14:20:50 : scep_reset_url: RA_CGI_PATH=http://172.16.98.92/cgi-bin/scep/scep
## 14:20:50 : scep_init: p_scep_context = 2178428
## 14:20:50 : pki_x509_req: challenge_password<bintecbintec>.
## 14:20:50 : scep_ca_query: p_scep_context = 2178428
## 14:20:50 : httpUrlParser: Success, port=80:
## 14:20:50 : httpUrlParser: host=<172.16.98.92>
## 14:20:50 : httpUrlParser: urlPath=<GET /cgi-bin/scep/scep>
## 14:20:50 : httpUrlParser: input url=<http://172.16.98.92/cgi-bin/scep/scep>
## 14:20:50 : scep_form_http_req: operCmd=20 context=2178428 len=22
## 14:20:50 : scep_form_http_req: cgi=<GET /cgi-bin/scep/scep>
## 14:20:50 : scep_form_http_req: SCEP_GETCACERT
## 14:20:50 : getcacert_msg: CA-IDENT = any
## 14:20:50 : scep_form_http_req: len = 34 msg_len=3
## 14:20:50 : GET request: len=54
## 14:20:50 : openHttpConnection: convert the host name 172.16.98.92.
## 14:20:50 : server IP 172.16.98.92
## 14:20:50 : Trying to connect host 172.16.98.92 port 80
## 14:20:50 : Trying to send to socket 526
## 14:20:50 : openHttpConnection: done <0>.
## 14:20:50 : pki mail received.
## 14:20:50 : http socket <526> got data <06e4d5a8> len <3635> byte.
## 14:20:50 : pkiExec: got content <application/x-x509-ca-ra-cer>, data <6e4d6be> data len <3357>
## 14:20:50 : pkiExec: in_process = 0
## 14:20:50 : Got buf=6e4d6be len=3357 context 2178428 contentType=application/x-x509-ca-ra-cer contentTypeLen=29
## 14:20:50 : scep_server_rsp: sub command <80>
## 14:20:50 : scep_server_rsp: (SCEP) Got CA and RA x509 certificates
## 14:20:50 : scep_rsp_ca_ra: p_scep_context = 2178428
## 14:20:50 : scep_rsp_ca_ra: total certs = 2
## 14:20:50 : ns_x509_key_usage: f000
## 14:20:50 : scep_ca_ra_settig: key usage = f000
## 14:20:50 : scep_ca_ra_settig: KU_KEY_ENCIPHERMENT, Signing cert
## 14:20:50 : ns_x509_key_usage: 0600
## 14:20:50 : scep_ca_ra_settig: key usage = 0600
## 14:20:50 : scep_ca_ra_settig: KU_CRL_SIGN, CA cert
## 14:20:50 : pCaCert: [EMAIL PROTECTED],CN=root,OU=RD,O=Bintec,C=DE,
## 14:20:50 : pRaSignCert: UNKNOWN=1,CN=scep,OU=Internet,O=Bintec,C=DE,
## 14:20:50 : scep_ca_fingerprint_authenticate: found CA X509 certificate in the trust store.
## 14:20:50 : scep_get_cert_initial: p_scep_context = 2178428
## 14:20:50 : httpUrlParser: Success, port=80:
## 14:20:50 : httpUrlParser: host=<172.16.98.92>
## 14:20:50 : httpUrlParser: urlPath=<GET /cgi-bin/scep/scep>
## 14:20:50 : httpUrlParser: input url=<http://172.16.98.92/cgi-bin/scep/scep>
## 14:20:50 : scep_form_http_req: operCmd=40 context=2178428 len=22
## 14:20:50 : scep_form_http_req: cgi=<GET /cgi-bin/scep/scep>
## 14:20:50 : scep_form_http_req: SCEP_PKIOPERATION
## 14:20:50 : pkioperation_msg: p_ldap_state=2178428 sub_cmd=14
## 14:20:50 : get certificate for: CN=scep2,CN=calinux,CN=rsa-key,CN=677,CN=0029072002000255,CN=172.16.104.6,OU=RD,O=Bintec,ST=Germany,C=DE,
## 14:20:50 : pkioperation_msg: SCEP_GETCERTINITIAL
## 14:20:50 : scep_ra_settig: pCaCert = 02163700
## 14:20:50 : scep_ra_settig: reset pRaVerifyCert = 021621c0
## 14:20:50 : SCEP_GETCERTINITIAL: len = 280
## 14:20:50 : scep_wrap_p7: SCEP_GETCERTINITIAL
## 14:20:50 : scep_transaction_id: len = 4 d3574d1a 819a530f 59083bbb 516982a3
## 14:20:50 : PKI: no FQDN available when requesting certificate.
## 14:20:50 : pkioperation_msg: RA: UNKNOWN=1,CN=scep,OU=Internet,O=Bintec,C=DE,
## 14:20:50 : new_nonce_hash data = 590c700 len = 595
## 14:20:50 : new_nonce_hash data = 0 len = 0
## 14:20:50 : scep_transaction_id: len = 4 d3574d1a 819a530f 59083bbb 516982a3
## 14:20:50 : PEM_ASN1_write_bio: len<1964>
## 14:20:50 : i<8192> inl<11>
## 14:20:50 : i<8181> inl<5>
## 14:20:50 : i<8176> inl<6>
## 14:20:50 : i<8170> inl<2600>
## 14:20:50 : i<5570> inl<61>
## 14:20:50 : i<5509> inl<9>
## 14:20:50 : i<5500> inl<5>
## 14:20:50 : i<5495> inl<6>
## 14:20:50 : PEM scep p7 len= 2620
## 14:20:50 : scep_form_http_req: len = 34 msg_len=2688
## 14:20:50 : GET request: len=2742
## 14:20:50 : openHttpConnection: convert the host name 172.16.98.92.
## 14:20:50 : server IP 172.16.98.92
## 14:20:50 : Trying to connect host 172.16.98.92 port 80
## 14:20:50 : Trying to send to socket 527
## 14:20:50 : openHttpConnection: done <0>.
## 14:20:50 : scep_rsp_ca_ra: done, p_scep_context = 2178428
## 14:20:53 : http socket <527> got data <06e4e518> len <4350> byte.
## 14:20:53 : pkiExec: got content <application/x-pki-messag>, data <6e4e62a> data len <4076>
## 14:20:53 : pkiExec: in_process = 0
## 14:20:53 : Got buf=6e4e62a len=4076 context 2178428 contentType=application/x-pki-messag contentTypeLen=25
## 14:20:53 : scep_server_rsp: sub command <14>
## 14:20:53 : scep_server_rsp: (SCEP) Got PKI operation response
## 14:20:53 : scep_rsp_pkioperation: p_scep_context = 2178428
## 14:20:53 : scep_rsp_cmd: p_scep_context = 2178428
## 14:20:53 : scep_rsp_pkioperation: SCEP_SUCCESS
## 14:20:53 : scep_rsp_pkioperation_success: p_scep_context = 2178428 <057b9ea0>
## 14:20:53 : scep_transaction_id: len = 4 d3574d1a 819a530f 59083bbb 516982a3
## 14:20:53 : PKI: no FQDN available when requesting certificate.
## 14:20:53 : lib=33 func=109 reason=111 file=../../pkcs7/pk7_doit.c line=670
## 14:20:53 : PKI: The device cannot decrypt SCEP data in outer PKCS7 envelope.
## 14:20:53 : scep_rsp_pkioperation_success: p_scep_context = 2178428 <057b9ea0>
## 14:20:53 : scep_rsp_pkioperation: PKCS7 data is not degenerated
## 14:20:53 : updateCertFile: Update the cert files.
## 14:20:53 : PKI: opened file for write, product<9>.
--------------------------------------------------------------

Second with yours:
-------------------------------------------------------------
12:00:26 : exec_scep_auth_cli: id=194380074 which0=13 which1=2 cfg_mode<0> mask<00000000>
## 12:00:26 : webNotifyPki: from<1> wCmd=f00b vSysCtx=2200010
## 12:00:26 : processPkiRequest cmd=a
## 12:00:26 : webReqHandler
## 12:00:26 : scep_start: key_id<194380074> ca_id<-2>
## 12:00:26 : lib=13 func=107 reason=121 file=../../asn1/asn1_lib.c line=106 get subject alt name construct err, len <0>.
## 12:00:26 : lib=13 func=223 reason=101 file=../../x509/x509_ext.c line=263
## 12:00:26 : lib=13 func=107 reason=121 file=../../asn1/asn1_lib.c line=106 get subject alt name construct err, len <0>.
## 12:00:26 : lib=13 func=223 reason=101 file=../../x509/x509_ext.c line=263
## 12:00:26 : PKI SCEP: use default ca-identity <any>, <00000000>.
## 12:00:26 : scep_LDAP_Init: new cookie
## 12:00:26 : new_nonce_hash data = 0 len = 0
## 12:00:26 : scep_start: PLDAP_STATE instance<02179404>
## 12:00:26 : scep_reset_url: CGI_PATH=http://141.24.101.4/operating/004/pub/cgi-bin/scep/scep
## 12:00:26 : scep_reset_url: RA_CGI_PATH=http://141.24.101.4/operating/004/pub/cgi-bin/scep/scep
## 12:00:26 : scep_init: p_scep_context = 2179404
## 12:00:26 : pki_x509_req: no challenge_password.
## 12:00:26 : scep_ca_query: p_scep_context = 2179404
## 12:00:26 : httpUrlParser: Success, port=80:
## 12:00:26 : httpUrlParser: host=<141.24.101.4>
## 12:00:26 : httpUrlParser: urlPath=<GET /operating/004/pub/cgi-bin/scep/scep>
## 12:00:26 : httpUrlParser: input url=<http://141.24.101.4/operating/004/pub/cgi-bin/scep/scep>
## 12:00:26 : scep_form_http_req: operCmd=20 context=2179404 len=40
## 12:00:26 : scep_form_http_req: cgi=<GET /operating/004/pub/cgi-bin/scep/scep>
## 12:00:26 : scep_form_http_req: SCEP_GETCACERT
## 12:00:26 : getcacert_msg: CA-IDENT = any
## 12:00:26 : scep_form_http_req: len = 52 msg_len=3
## 12:00:26 : GET request: len=72
## 12:00:26 : openHttpConnection: convert the host name 141.24.101.4.
## 12:00:26 : server IP 141.24.101.4
## 12:00:26 : Trying to connect host 141.24.101.4 port 80
## 12:00:26 : Trying to send to socket 277
## 12:00:26 : openHttpConnection: done <0>.
## 12:00:26 : pki mail received.
## 12:00:26 : http socket <277> got data <06e69028> len <3201> byte.
## 12:00:26 : pkiExec: got content <application/x-x509-ca-ra-cer>, data <6e690f0> data len <3001>
## 12:00:26 : pkiExec: in_process = 0
## 12:00:26 : Got buf=6e690f0 len=3001 context 2179404 contentType=application/x-x509-ca-ra-cer contentTypeLen=29
## 12:00:26 : scep_server_rsp: sub command <80>
## 12:00:26 : scep_server_rsp: (SCEP) Got CA and RA x509 certificates
## 12:00:26 : scep_rsp_ca_ra: p_scep_context = 2179404
## 12:00:26 : scep_rsp_ca_ra: total certs = 2
## 12:00:26 : ns_x509_key_usage: f000
## 12:00:26 : scep_ca_ra_settig: key usage = f000
## 12:00:26 : scep_ca_ra_settig: KU_KEY_ENCIPHERMENT, Signing cert
## 12:00:26 : ns_x509_key_usage: c600
## 12:00:26 : scep_ca_ra_settig: key usage = c600
## 12:00:26 : scep_ca_ra_settig: KU_CRL_SIGN, CA cert
## 12:00:26 : pCaCert: [EMAIL PROTECTED],CN=FeM e.V. Testing PKI 02,OU=Technik,O=FeM e.V.,C=De,
## 12:00:26 : pRaSignCert: UNKNOWN=12,CN=pki.fem.tu-ilmenau.de,OU=Internet,O=FeM e.V.,C=De,
## 12:00:26 : scep_ca_fingerprint_authenticate: found CA X509 certificate in the trust store.
## 12:00:26 : scep_get_cert_initial: p_scep_context = 2179404
## 12:00:26 : httpUrlParser: Success, port=80:
## 12:00:26 : httpUrlParser: host=<141.24.101.4>
## 12:00:26 : httpUrlParser: urlPath=<GET /operating/004/pub/cgi-bin/scep/scep>
## 12:00:26 : httpUrlParser: input url=<http://141.24.101.4/operating/004/pub/cgi-bin/scep/scep>
## 12:00:26 : scep_form_http_req: operCmd=40 context=2179404 len=40
## 12:00:26 : scep_form_http_req: cgi=<GET /operating/004/pub/cgi-bin/scep/scep>
## 12:00:26 : scep_form_http_req: SCEP_PKIOPERATION
## 12:00:26 : pkioperation_msg: p_ldap_state=2179404 sub_cmd=14
## 12:00:26 : get certificate for: CN=illmenau1,CN=calinux,CN=rsa-key,CN=677,CN=0029072002000255,CN=172.16.104.6,OU=RD,O=privat,ST=Germany,C=DE,
## 12:00:26 : pkioperation_msg: SCEP_GETCERTINITIAL
## 12:00:26 : scep_ra_settig: pCaCert = 021629b8
## 12:00:26 : scep_ra_settig: reset pRaVerifyCert = 0216217c
## 12:00:26 : SCEP_GETCERTINITIAL: len = 320
## 12:00:26 : scep_wrap_p7: SCEP_GETCERTINITIAL
## 12:00:26 : scep_transaction_id: len = 4 66ed61a6 444b6c4b e192efff 825ba946
## 12:00:26 : PKI: no FQDN available when requesting certificate.
## 12:00:26 : pkioperation_msg: RA: UNKNOWN=12,CN=pki.fem.tu-ilmenau.de,OU=Internet,O=FeM e.V.,C=De,
## 12:00:26 : new_nonce_hash data = 590d388 len = 670
## 12:00:26 : new_nonce_hash data = 0 len = 0
## 12:00:26 : scep_transaction_id: len = 4 66ed61a6 444b6c4b e192efff 825ba946
## 12:00:26 : PEM_ASN1_write_bio: len<2053>
## 12:00:26 : i<8192> inl<11>
## 12:00:26 : i<8181> inl<5>
## 12:00:26 : i<8176> inl<6>
## 12:00:26 : i<8170> inl<2730>
## 12:00:26 : i<5440> inl<53>
## 12:00:26 : i<5387> inl<9>
## 12:00:26 : i<5378> inl<5>
## 12:00:26 : i<5373> inl<6>
## 12:00:26 : PEM scep p7 len= 2740
## 12:00:26 : scep_form_http_req: len = 52 msg_len=2834
## 12:00:26 : GET request: len=2906
## 12:00:26 : openHttpConnection: convert the host name 141.24.101.4.
## 12:00:26 : server IP 141.24.101.4
## 12:00:26 : Trying to connect host 141.24.101.4 port 80
## 12:00:26 : Trying to send to socket 278
## 12:00:26 : openHttpConnection: done <0>.
## 12:00:26 : scep_rsp_ca_ra: done, p_scep_context = 2179404
## 12:00:27 : http socket <278> got data <06e1ba68> len <2259> byte.
## 12:00:27 : pkiExec: got content <x-pki-messag>, data <6e1bb36> data len <2053>
## 12:00:27 : pkiExec: in_process = 0
## 12:00:27 : Got buf=6e1bb36 len=2053 context 2179404 contentType=x-pki-messag contentTypeLen=13
## 12:00:27 : scep_server_rsp: sub command <14>
## 12:00:27 : SCEP: bad content type <x-pki-message>
-------------------------------------------

Any ideas?

>
> -------------------------------------------------------
> SF email is sponsored by - The IT Product Guide
> Read honest & candid reviews on hundreds of IT Products from real users.
> Discover which products truly live up to the hype. Start reading now.
> http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
> _______________________________________________
> Openca-Users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openca-users
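
An added example, not part of the original message and not OpenCA or NetScreen code: a Python check that pairs each SCEP request in a trace like the two above with the content type of the response that follows it, and flags any type that differs from the media types SCEP defines (RFC 8894). The function names `matches` and `audit` are hypothetical, and the sample lines are copied from the second trace with the mail line-wraps removed.

```python
import re

# Response media types SCEP defines for the two operations seen in the traces.
EXPECTED = {
    "SCEP_GETCACERT": ("application/x-x509-ca-cert",
                       "application/x-x509-ca-ra-cert"),
    "SCEP_PKIOPERATION": ("application/x-pki-message",),
}

REQ = re.compile(r"scep_form_http_req: (SCEP_[A-Z]+)")
RSP = re.compile(r"contentType=(\S+) contentTypeLen=(\d+)")


def matches(logged, length, expected):
    # In the traces the logged string is one character shorter than
    # contentTypeLen, so compare by declared length plus prefix.
    return len(expected) == length and expected.startswith(logged)


def audit(trace):
    """Return (operation, logged type, declared length, ok) per response."""
    pending, findings = [], []
    for line in trace.splitlines():
        if m := REQ.search(line):
            pending.append(m.group(1))          # request seen, await response
        elif (m := RSP.search(line)) and pending:
            op = pending.pop(0)
            logged, length = m.group(1), int(m.group(2))
            ok = any(matches(logged, length, e) for e in EXPECTED.get(op, ()))
            findings.append((op, logged, length, ok))
    return findings


# Sample input constructed from lines of the second trace.
SAMPLE = """\
## 12:00:26 : scep_form_http_req: SCEP_GETCACERT
## 12:00:26 : Got buf=6e690f0 len=3001 context 2179404 contentType=application/x-x509-ca-ra-cer contentTypeLen=29
## 12:00:26 : scep_form_http_req: SCEP_PKIOPERATION
## 12:00:27 : Got buf=6e1bb36 len=2053 context 2179404 contentType=x-pki-messag contentTypeLen=13
"""

if __name__ == "__main__":
    for op, logged, length, ok in audit(SAMPLE):
        print(f"{op:18} {logged!r:32} len={length:<3} {'ok' if ok else 'MISMATCH'}")
```

On the sample, the GetCACert response passes and the PKIOperation response is flagged, which corresponds to the `bad content type <x-pki-message>` line that ends the second trace.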
