I succesfully install a CA and RA on the same PC.
I issued a certificate for SCEP using this attributes:
Web server,1024,Digital signature, Non repudiation, Key
Encipherment,
Data Encipherment.
then, I downloed the certificate and the key in the
browser(mozilla).
I create a Scep.crt and scep.key in wich i copied the scep
certificate
and key. i indicate the path for those file in the scep.conf
in scep.xml i set map_role to no
On a cisco 1600 routeur i deal with this configuration:
crypto ca identity certifs
enrollment mode ra
enrollment url http://certifs/cgi-bin/scep/scep
crypto ca authenticate certifs
This last command did not work and give this debug
BICIS(config)#crypto ca authenticate certifs
01:49:20: CRYPTO_PKI: Sending CA Certificate Request:
GET /cgi-bin/scep/pkiclient.exe?operation=GetCACert&message=certifs
HTTP/1.0
01:49:20: CRYPTO_PKI: http connection opened
% Error in receiving Certificate Authority certificate: status =
FAIL, cert length = 0
BICIS(config)#
01:49:24: CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Date: Fri, 15 Jul 2005 17:15:54 GMT
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.14 OpenSSL/0.9.7c
Set-Cookie: CGISESSID=7dbba2128ef418313c1316b6a76c2bf3; path=/
Connection: close
Content-Type: application/x-x509-ca-ra-cert
Content-Type indicates we have received CA and RA certificates.
01:49:24: CRYPTO_PKI: WARNING: A certificate chain could not be
constructed while select ing cers
01:49:24: CRYPTO_PKI: Error: Code 0x0000 while selecting self signed
certificate
01:49:24: CRYPTO_PKI: WARNING: Certificate, private key or CRL was
not found while verifying cet
01:49:24: CRYPTO_PKI: status = 324: failed to verify
01:49:24: CRYPTO_PKI: Unable to read CA/RA certificates.
01:49:24: %CRYPTO-3-GETCARACERT: Failed to receive RA/CA
certificates.
01:49:24: CRYPTO_PKI: transaction GetCACert completed
i set permission 777 on the path that contains pkiclient.exe
i also change the owner from root to apache user but that did not
resolve the problem
Please can someone help me.
Thanks
I issued a certificate for SCEP using this attributes:
Web server,1024,Digital signature, Non repudiation, Key
Encipherment,
Data Encipherment.
then, I downloed the certificate and the key in the
browser(mozilla).
I create a Scep.crt and scep.key in wich i copied the scep
certificate
and key. i indicate the path for those file in the scep.conf
in scep.xml i set map_role to no
On a cisco 1600 routeur i deal with this configuration:
crypto ca identity certifs
enrollment mode ra
enrollment url http://certifs/cgi-bin/scep/scep
crypto ca authenticate certifs
This last command did not work and give this debug
BICIS(config)#crypto ca authenticate certifs
01:49:20: CRYPTO_PKI: Sending CA Certificate Request:
GET /cgi-bin/scep/pkiclient.exe?operation=GetCACert&message=certifs
HTTP/1.0
01:49:20: CRYPTO_PKI: http connection opened
% Error in receiving Certificate Authority certificate: status =
FAIL, cert length = 0
BICIS(config)#
01:49:24: CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Date: Fri, 15 Jul 2005 17:15:54 GMT
Server: Apache/1.3.27 (Unix) mod_ssl/2.8.14 OpenSSL/0.9.7c
Set-Cookie: CGISESSID=7dbba2128ef418313c1316b6a76c2bf3; path=/
Connection: close
Content-Type: application/x-x509-ca-ra-cert
Content-Type indicates we have received CA and RA certificates.
01:49:24: CRYPTO_PKI: WARNING: A certificate chain could not be
constructed while select ing cers
01:49:24: CRYPTO_PKI: Error: Code 0x0000 while selecting self signed
certificate
01:49:24: CRYPTO_PKI: WARNING: Certificate, private key or CRL was
not found while verifying cet
01:49:24: CRYPTO_PKI: status = 324: failed to verify
01:49:24: CRYPTO_PKI: Unable to read CA/RA certificates.
01:49:24: %CRYPTO-3-GETCARACERT: Failed to receive RA/CA
certificates.
01:49:24: CRYPTO_PKI: transaction GetCACert completed
i set permission 777 on the path that contains pkiclient.exe
i also change the owner from root to apache user but that did not
resolve the problem
Please can someone help me.
Thanks
Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger
Téléchargez le ici !
