Common Information ------------------------------------------------ OpenCA Version : openca-0.9.2.2 Perl Version : v5.8.7 OpenSSL Version : OpenSSL 0.9.7e Operating System: Linux Debian Kernel 2.4.27 ------------------------------------------------ Problem Description:
SCEP error during cert enrollment Hi I´ll try to get SCEP interface on my OpenCA installation to work. I created a cert for the SCEP RA as role Webserver. I tried to get it with following devices Linux with SSCEP , Cisco VPN3000 with OS 4.7 Cisco Router IOS 12.3.10a VPNClient on WinXP 4.6.0.3 I can retrieve the CA cert with all devices, but when I try to enroll a cert I fail with all different devices. It seems that the upload of the CSR just went fine, cause I see the Certs in the RA interface and I can approve them and sign them in the CA. But the client are never able to retrieve the issued cert afterwards. I can`t see any useful in the OpenCA logs. The only useful debug I got from sscep client (see below) but a google search for the error only revealed problems with false openssl versions. But as you can see I use openssl 0.9.7e which should be fine ssep debugging : ./sscep: PKCS#7 contains 0 bytes of enveloped data ./sscep: verifying signature ./sscep: error verifying signature 18051:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:100: 18051:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:580: 18051:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature failure:pk7_doit.c:838: On the cisco devices, I can´t see any useful output in the debugs, only that there was an error :-) Maybe somebody has a hint for me, or can tell me how I can debug this issue further Kind regards Michael -- Weitersagen: GMX DSL-Flatrates mit Tempo-Garantie! Ab 4,99 Euro/Monat: http://www.gmx.net/de/go/dsl ------------------------------------------------------- SF.Net email is sponsored by: Discover Easy Linux Migration Strategies from IBM. Find simple to follow Roadmaps, straightforward articles, informative Webcasts and more! Get everything you need to get up to speed, fast. http://ads.osdn.com/?ad_id=7477&alloc_id=16492&op=click _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
