Hello dalini,

The routers now accept the CA certificate but refuse to accept the request 
from the router?

Here is the last part of the stderr output of OpenCA. The first part only 
lists all certificates already issued.
 
DEBUG: OpenCA::DBI->getResultItem: format: PEM
DEBUG: OpenCA::DBI->getResultItem: have all data
DEBUG: OpenCA::DBI->getResultItem: return item
DEBUG: OpenCA::DBI->Entering set_error ...
DEBUG: OpenCA::DBI->errno: gettext is defined
DEBUG: OpenCA::DBI->errno: new errorcode is 0
DEBUG: OpenCA::DBI->searchItems: add an object to the returnlist
DEBUG: OpenCA::DBI->searchItems: leaving function successfully
DEBUG: OpenCA::DBI->Entering set_error ...
DEBUG: OpenCA::DBI->errno: gettext is defined
DEBUG: OpenCA::DBI->errno: new errorcode is 0
cmds->scepCheckRequest: renewal allowed
cmds->scepCheckRequest: multiple certificates matched this request, not yet implemented
cmds->cmdScepPKIOperation: execute8: /usr/local/bin/openca-scep -new -signcert /usr/local/OpenCA/etc/scep/cert.pem -msgtype CertRep -status FAILURE -failinfo badRequest -keyfile /usr/local/OpenCA/etc/scep/key.pem -passin env:pwd -in /usr/local/OpenCA/var/tmp/scep_pkiOp_3444.p7 -reccert /usr/local/OpenCA/var/tmp/scep_client_3444.crt -outform DER
cmds->Pipe returned error code 0
cmds->cmdScepPKIOperation: execute4: /usr/local/bin/openca-scep -new -signcert /usr/local/OpenCA/etc/scep/cert.pem -msgtype CertRep -status FAILURE -failinfo badRequest -keyfile /usr/local/OpenCA/etc/scep/key.pem -passin env:pwd -in /usr/local/OpenCA/var/tmp/scep_pkiOp_3444.p7 -reccert /usr/local/OpenCA/var/tmp/scep_client_3444.crt -outform DER
cmds->Pipe returned error code 0
DEBUG: OpenCA::DBI->commit: entering function
DEBUG: OpenCA::DBI->errno: returning local errorcode 0
DEBUG: OpenCA::DBI->Entering set_error ...
DEBUG: OpenCA::DBI->errno: gettext is defined
DEBUG: OpenCA::DBI->errno: new errorcode is 0
OpenCA::OpenSSL->_stop_shell: try to stop shell
OpenCA::OpenSSL->_stop_shell: try to stop shell
DEBUG: OpenCA::DBI->DESTROY: automatic commit by destructor DESTROY
DEBUG: OpenCA::DBI->commit: entering function
DEBUG: OpenCA::DBI->errno: returning local errorcode 0
DEBUG: OpenCA::DBI->Entering set_error ...
DEBUG: OpenCA::DBI->errno: gettext is defined
DEBUG: OpenCA::DBI->errno: new errorcode is 0
DEBUG: OpenCA::DBI->DESTROY: call finish on all statement handles to avoid warnings by DBI

It looks like SCEP believes that a certificate already matches the request. Any 
idea where I can look?

Regards

Max

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ives Steglich
Sent: Saturday, 9 April 2005 16:01
To: openca-users@lists.sourceforge.net
Subject: Re: [Openca-Users] SCEP again - certificate chain not accepted by 
Cisco devices

Obes, Til wrote:
>>hmm, so then i don't have another idea what may be a reason not to 
>>take the ca-certs
> 
> 
> Firmware
> I had the problem that the concentrator was not accepting its 
> identity certs because of the firmware.
> I upgraded to 4.1.7e from 4.1.7d and it worked.

but it sounds like the Cisco routers don't accept even the 
CA certificates...

greetings
dalini


-------------------------------------------------------
SF email is sponsored by - The IT Product Guide Read honest & candid reviews on 
hundreds of IT Products from real users.
Discover which products truly live up to the hype. Start reading now.
http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users
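
A triage script for stderr output like the log in the message above, added here as an illustration and not part of the original thread or of OpenCA: it skips the DBI debug lines and pairs each logged openca-scep reply (its -status and -failinfo) with the scepCheckRequest messages that preceded it. The function names and the grouping by the number in the scep_pkiOp_<n>.p7 temp file name are assumptions of this example.

```python
import re
import shlex

# Lines copied from the stderr output quoted in the thread, wrapped lines rejoined.
SAMPLE_LOG = """\
DEBUG: OpenCA::DBI->errno: new errorcode is 0
cmds->scepCheckRequest: renewal allowed
cmds->scepCheckRequest: multiple certificates matched this request, not yet implemented
cmds->cmdScepPKIOperation: execute8: /usr/local/bin/openca-scep -new -signcert /usr/local/OpenCA/etc/scep/cert.pem -msgtype CertRep -status FAILURE -failinfo badRequest -keyfile /usr/local/OpenCA/etc/scep/key.pem -passin env:pwd -in /usr/local/OpenCA/var/tmp/scep_pkiOp_3444.p7 -reccert /usr/local/OpenCA/var/tmp/scep_client_3444.crt -outform DER
cmds->Pipe returned error code 0
cmds->cmdScepPKIOperation: execute4: /usr/local/bin/openca-scep -new -signcert /usr/local/OpenCA/etc/scep/cert.pem -msgtype CertRep -status FAILURE -failinfo badRequest -keyfile /usr/local/OpenCA/etc/scep/key.pem -passin env:pwd -in /usr/local/OpenCA/var/tmp/scep_pkiOp_3444.p7 -reccert /usr/local/OpenCA/var/tmp/scep_client_3444.crt -outform DER
cmds->Pipe returned error code 0
"""

CHECK = re.compile(r"^cmds->scepCheckRequest: (.+)$")
EXEC = re.compile(r"^cmds->cmdScepPKIOperation: execute\d+: (.+)$")
TXN = re.compile(r"scep_pkiOp_(\d+)\.p7$")  # assumption: number identifies one request

def parse_options(cmdline):
    """Turn the '-flag value' pairs of a logged openca-scep command into a dict."""
    tokens = shlex.split(cmdline)[1:]  # drop the binary path
    opts = {}
    for i, tok in enumerate(tokens):
        if tok.startswith("-"):
            nxt = tokens[i + 1] if i + 1 < len(tokens) else "-"
            opts[tok[1:]] = True if nxt.startswith("-") else nxt
    return opts

def triage(log_text):
    """Group SCEP replies by temp-file id, with the check messages logged before them."""
    replies, pending = {}, []
    for line in map(str.strip, log_text.splitlines()):
        if m := CHECK.match(line):
            pending.append(m.group(1))
        elif m := EXEC.match(line):
            opts = parse_options(m.group(1))
            txn = TXN.search(str(opts.get("in", "")))
            key = txn.group(1) if txn else "unknown"
            rec = replies.setdefault(key, {"status": opts.get("status"),
                "failinfo": opts.get("failinfo"), "checks": [], "logged": 0})
            rec["checks"] += pending   # checks seen since the previous reply
            rec["logged"] += 1         # the same command may be logged more than once
            pending = []
    return replies

if __name__ == "__main__":
    for txn, rec in triage(SAMPLE_LOG).items():
        print(txn, rec["status"], rec["failinfo"], rec["logged"], rec["checks"])
```
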

