Re: [Openca-Users] Problem with scep ans sscep enrollment

Martin Bartosch Fri, 22 Jul 2005 03:04:18 -0700

Hi,

> hi, i'me sure that i don't use the openssl 0.9.7d version. in the openca
> configure option i set --With-openssl-prefix=/usr/local/ssl wich is the
> directory of openssl 0.9.7c. But is the openssl 0.9.7a which come wiht my
> distrib and i don't erase it because of dependencies.
> But as you can see i can receive some PKCS7 message, is the last one who
> fail.


please check your setup:

- SCEP RA certificate is configured for OpenCA
- SCEP RA key does not (!) have a passphrase, a passphrase must be
  set in config.xml, but it is ignored (my experience)

On the client side try to get the CA certificates (getcacert).
Verify that the first certificate returned is the SCEP RA certificate
Use this certificate in the enroll command for sscep via -c or in
the config file.

I had this error, too, but in my case it was first because of
OpenSSL 0.9.7d and after this was fixed because of using the incorrect
certificate on the client side (CA cert instead of SCEP RA cert).

cheers

Martin




-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Re: [Openca-Users] Problem with scep ans sscep enrollment

Reply via email to