Re: [Openca-Users] Problem with scep ans sscep enrollment

Fri, 22 Jul 2005 03:56:15 -0700



Martin Bartosch <[EMAIL PROTECTED]> a écrit :

Hi,

>> hi, i'me sure that i don't use the openssl 0.9.7d version. in the openca
>> configure option i set --With-openssl-prefix=/usr/local/ssl wich is the
>> directory of openssl 0.9.7c. But is the openssl 0.9.7a which come wiht my
>> distrib and i don't erase it because of dependencies.
>> But as you can see i can receive some PKCS7 message, is the last one who
>> fail.

>please check your setup:

>- SCEP RA certificate is configured for OpenCA

How can i check this. I check the key usage and it's Digital Signature, Non Repudiation, Key Encipherment, Data Encipherment Usage. Is it enough.


>- SCEP RA key does not (!) have a passphrase, a passphrase must be
>set in config.xml, but it is ignored (my experience).

Is it the passphrase wich is asked when i want to download the ScepRA certificate and Key in the ra web interface? I set and unset this passphrase as the ScepRAPasswd in the config.xml without success.

>On the client side try to get the CA certificates (getcacert).
>Verify that the first certificate returned is the SCEP RA certificate

it's ok. before using sscep getca command,the parameter CACertfile in sscep.conf was ./ca.crt-0

after launchng this command i have two file

ca.crt-0-0 SCEP certificate

ca.crt-0-1 CA certificate

>Use this certificate in the enroll command for sscep via -c or in

before lauching the sscep enroll command i replace ca.crt-0 with ca.crt-0.0 in the sscep.conf
>the config file.

>I had this error, too, but in my case it was first because of
>OpenSSL 0.9.7d and after this was fixed because of using the incorrect
>certificate on the client side (CA cert instead of SCEP RA cert).
Aïe!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

My god!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!My god!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

There is a problem!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!

I go in /usr/local/ssl the path i indicate in the RA configuration. After doing an openssl version i see 0.9.7a. Oh!!!!!!!!!!!!!!!my god i've installed the 0.9.7c version and it seems that it's the 0.9.7a version which is used by openca. Is this can be the problem.

Please help.

>cheers

>Martin




-------------------------------------------------------
SF.Net email is sponsored by: Discover Easy Linux Migration Strategies
from IBM. Find simple to follow Roadmaps, straightforward articles,
informative Webcasts and more! Get everything you need to get up to
speed, fast. http://ads.osdn.com/?ad_idt77&alloc_id492&op=click
_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users

Appel audio GRATUIT partout dans le monde avec le nouveau Yahoo! Messenger
Téléchargez le ici !

Reply via email to