Hi all, I've been searching for hours, but I can't find the problem so you are my last chance...
Here is my setup:

openca-0.9.2.4, RA and CA on one machine
PIX OS Rel. 6.3 configured with

ca identity xen-ca 172.16.2.249:/cgi-bin/scep/scep
ca configure xen-ca ra 1 20 crlopt

I'm trying to get a certificate for the Pix, ca authenticate seems to work well:

home-pix(config)# ca authen xen-ca
CI thread sleeps!
Crypto CA thread wakes up!
home-pix(config)# onnection opened
CI thread wakes up!
CRYPTO_PKI: WARNING: A certificate chain could not be constructed while selecting certificate status
CRYPTO_PKI: Name: Serial Number = 4, CN = SCEP, OU = Trustcenter, O = XEN Test RA, C = DE
CRYPTO_PKI: transaction GetCACert completed
CRYPTO_PKI: Name: Serial Number = 4, CN = SCEP, OU = Trustcenter, O = XEN Test RA, C = DE
Crypto CA thread sleeps!

home-pix(config)# sh ca cer
CA Certificate
  Status: Available
  Certificate Serial Number: 81f4e601e028cef6
  Key Usage: General Purpose
    EA = [EMAIL PROTECTED]
    CN = CA selfsig Cert
    OU = Home Lab
    O = XEN-CA
    C = DE
  Validity Date:
    start date: 22:40:59 UTC Mar 3 2006
    end date: 22:40:59 UTC Feb 26 2026

RA General purpose Certificate
  Status: Available
  Certificate Serial Number: 04
  Key Usage: General Purpose
    Serial Number = 4
    CN = SCEP
    OU = Trustcenter
    O = XEN Test RA
    C = DE
  Validity Date:
    start date: 23:21:15 UTC Mar 3 2006
    end date: 23:21:15 UTC Nov 18 2025

But as you can see below, the enrollment is failing with the PIX message 'CRYPTO_PKI: status = 101: certificate request is rejected' and no CSR can be found within the RA.

home-pix(config)# ca enroll xen-ca ipaddress
%
% Start certificate enrollment ..
% The subject name in the certificate will be: home-pix.home.de
CI thread sleeps!
Crypto CA thread wakes up!
% Certificate request sent to Certificate Authority
% The certificate request fingerprint will be displayed.
home-pix(config)# 111008: User 'enable_15' executed the 'ca enroll xen-ca *' command.
CRYPTO_PKI: transaction PKCSReq completed
CRYPTO_PKI: status:
Crypto CA thread sleeps!
CRYPTO_PKI: http connection opened
CRYPTO_PKI: received msg of 3818 bytes
CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while selecting CRL
CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while selecting CRL
CRYPTO_PKI: signed attr: pki-message-type: 13 01 33
CRYPTO_PKI: signed attr: pki-status: 13 01 32
CRYPTO_PKI: signed attr: pki-recipient-nonce: 04 10 2d 40 d5 7e 8c 13 dc 6e 5b ac bc b3 cf df 25 39
CRYPTO_PKI: signed attr: pki-transaction-id: 13 20 32 32 61 34 38 30 38 64 31 30 63 31 37 32 62 33 38 35 36 66 66 33 32 63 35 34 32 61 61 36 39 32
CRYPTO_PKI: status = 101: certificate request is rejected
CRYPTO_PKI: All enrollment requests completed.

Any hints?

Best Regards
Kurt

_______________________________________________
Openca-Users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openca-users
