[Openca-Users] SCEP problem

Wed, 01 Jun 2005 03:52:19 -0700 

Hi to all, I've an OpenCA installation with RA and CA on the same
server. All functions are working fine, except for SCEP.

Every time I send a SCEP request using sscep, on the shell...

./sscep: printing PEM fomatted PKCS#7
-----BEGIN PKCS7-----
-----END PKCS7-----
Segmentation fault 

If I make the request directly to the SCEP "server" of OpenCA using a
normal browser, the response from SCEP is an HTML response with this
error message:

"Cannot extract the transaction ID from the SCEP message!"

and error code 723705.

I don't know what the problem can be, because the two sent PKCS7 seem
correct if viewed with an ASN.1 parser, I can read also the
Transaction ID in one of them.

I've also configured config.xml and scep.conf in this way:

scep.conf:

ScepRACert      "/home/openca-installed/etc/scep/scep_cert.pem"
ScepRAKey       "/home/openca-installed/etc/scep/scep_pkey.pem"
ScepRAPasswd    "1234567890"

and config.xml:

        <option>
            <name>SCEP_RA_CERT</name>
            <value>/home/openca-installed/etc/scep/scep_cert.pem</value>
        </option>
        <option>
            <name>SCEP_RA_KEY</name>
            <value>/home/openca-installed/etc/scep/scep_pkey.pem</value>
        </option>
        <option>
            <name>SCEP_RA_PASSWD</name>
            <value>1234567890</value>
        </option>

the certificate used is an RA certificate. 

One last question. I'm testing OpenCA and I'm evaluating in particular
the integration with a CMS. I've read on the mailinglist that with
SCEP is possible to automate the process of certificate creation. So
from what I understand, imitating the sscep command line tool, I send
a PKCS#10 (embedded in the pkcs7s) to the OpenCA SCEP interface, the
SCEP signs this request with it's RA Operator certificate, the CA
creates the certificate and then returns it to the CMS. Is this
correct ?

Thanks for the help, bye.

-- 
Diego de Felice


-------------------------------------------------------
This SF.Net email is sponsored by Yahoo.
Introducing Yahoo! Search Developer Network - Create apps using Yahoo!
Search APIs Find out how you can build Yahoo! directly into your own
Applications - visit http://developer.yahoo.net/?fr=offad-ysdn-ostg-q22005
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to