Hi Kurt,
After the failing enrollment, all existing certificates are listed
in stderr.log and I found the line:
cmds->cmdScepPKIOperation: scepCheckRequest: more than two valid
certificates matched this request, rejected for policy reasons
Below you can find the log of the enrollment.
The SCEP server rejects the request because it *seems* to find an
already existing certificate with the same requested DN in the database.
First (to be sure) please check if there is already a certificate
with CN=home-pix.home.de; if there is, please revoke the existing one(s).
Next please change ScepRenewalRDNMatch in the SCEP server
configuration. Try setting it to "unstructuredName" for your setup.
If it still does not work, set this value to the empty string "".
Remember to run configure_etc.sh and to restart OpenCA after changing
the configuration.
cheers,
Martin
_______________________________________________
Openca-Users mailing list
https://lists.sourceforge.net/lists/listinfo/openca-users