Hello List,
I'm using OpenCA 0.9.3 rc1.
I've configured the SCEP Interface for use with a CISCO PIX 501.
After I do the ca "enroll <ca-nick> <pwd>" I get the following output on
the PIX:
%
% Start certificate enrollment ..
% The subject name in the certificate will be: pixCAtest.badenit.intern
CI thread sleeps!
Crypto CA thread wakes up!
% Certificate request sent to Certificate Authority
% The certificate request fingerprint will be displayed.
pixCAtest(config)#
pixCAtest(config)#
pixCAtest(config)#
CI thread wakes up!
CRYPTO_PKI: transaction PKCSReq completed
CRYPTO_PKI: status:
Crypto CA thread sleeps!
CRYPTO_PKI: http connection opened
CRYPTO_PKI: received msg of 2194 bytes
CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while
selecting CRL
CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while
selecting CRL
CRYPTO_PKI: signed attr: pki-message-type:
13 01 33
CRYPTO_PKI: signed attr: pki-status:
13 01 33
CRYPTO_PKI: signed attr: pki-recipient-nonce:
04 10 f6 55 77 f3 a3 90 83 a7 56 83 a1 aa 59 d7 f8 df
CRYPTO_PKI: signed attr: pki-transaction-id:
13 20 38 39 33 34 34 32 30 64 33 63 61 31 36 30 66 36 33 37
62 31 61 61 38 61 37 39 31 33 64 39 37 36
CRYPTO_PKI: status = 102: certificate request pending
CRYPTO_PKI: http connection opened
CRYPTO_PKI: received msg of 2194 bytes
CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while
selecting CRL
CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found while
selecting CRL
CRYPTO_PKI: signed attr: pki-message-type:
13 01 33
CRYPTO_PKI: signed attr: pki-status:
13 01 33
CRYPTO_PKI: signed attr: pki-recipient-nonce:
04 10 94 b5 5e 29 66 18 b9 55 56 d6 95 e2 e9 78 b8 5a
CRYPTO_PKI: signed attr: pki-transaction-id:
13 20 38 39 33 34 34 32 30 64 33 63 61 31 36 30 66 36 33 37
62 31 61 61 38 61 37 39 31 33 64 39 37 36
CRYPTO_PKI: status = 102: certificate request pending
CRYPTO_PKI: All enrollment requests completed.
Insert Selfsigned Certificate:
30 82 01 bf 30 82 01 69 02 20 38 39 33 34 34 32 30 64 33 63
61 31 36 30 66 36 33 37 62 31 61 61 38 61 37 39 31 33 64 39
37 36 30 0d 06 09 2a 86 48 86 f7 0d 01 01 04 05 00 30 5b 31
...and that's it.
I've configured the PIX with "ca configure <ca-nick> ra 1 20" so it
should try every minute to get the certificate and stop after 20 tries.
But the PIX inserts the Cisco self-signed certificate directly after
submitting the request to OpenCA.
When I process the request through OpenCA and issue the certificate, I
have to do the enrollment again to "import" the certificate into the
PIX.
Does anybody know a solution, so that it's possible to receive the
certificate within the "first enroll process"???
Thanks for your help!!!
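
Added example, not part of the original post: a small Python decoder for the `signed attr` hex dumps in the debug output above, which are raw DER values. It shows that each reply from the CA is a CertRep with pkiStatus PENDING for the same transaction ID; the function names are hypothetical and the code-point tables come from the SCEP specification, not from the post.

```python
import re

# SCEP code points (draft-nourse-scep, later RFC 8894; 20 is named CertPoll there).
MESSAGE_TYPES = {"3": "CertRep", "19": "PKCSReq", "20": "GetCertInitial"}
PKI_STATUS = {"0": "SUCCESS", "2": "FAILURE", "3": "PENDING"}
ATTR_RE = re.compile(r"CRYPTO_PKI: signed attr: ([\w-]+):")
HEX_RE = re.compile(r"^(?:[0-9a-f]{2}\s*)+$")

# Debug lines copied from the first response in the post above.
SAMPLE = """\
CRYPTO_PKI: signed attr: pki-message-type:
13 01 33
CRYPTO_PKI: signed attr: pki-status:
13 01 33
CRYPTO_PKI: signed attr: pki-recipient-nonce:
04 10 f6 55 77 f3 a3 90 83 a7 56 83 a1 aa 59 d7 f8 df
CRYPTO_PKI: signed attr: pki-transaction-id:
13 20 38 39 33 34 34 32 30 64 33 63 61 31 36 30 66 36 33 37
62 31 61 61 38 61 37 39 31 33 64 39 37 36
CRYPTO_PKI: status = 102: certificate request pending
"""

def decode_tlv(raw):
    """Decode a short-form DER PrintableString (0x13) or OCTET STRING (0x04)."""
    if len(raw) < 2 or raw[1] >= 0x80 or raw[1] != len(raw) - 2:
        raise ValueError("truncated or long-form DER value")
    if raw[0] not in (0x04, 0x13):
        raise ValueError(f"unhandled tag 0x{raw[0]:02x}")
    return raw[2:].decode("ascii") if raw[0] == 0x13 else raw[2:].hex()

def parse_signed_attrs(log_text):
    """Return one dict of decoded signed attributes per SCEP response."""
    messages, name, buf = [], None, []
    for line in log_text.splitlines() + [""]:   # "" flushes the last attribute
        line = line.strip()
        if name and HEX_RE.match(line):          # hex continuation line
            buf.append(line)
            continue
        if name and buf:                         # attribute complete
            messages[-1][name] = decode_tlv(bytes.fromhex(" ".join(buf)))
        m = ATTR_RE.match(line)
        name, buf = (m.group(1) if m else None), []
        if m and (name == "pki-message-type" or not messages):
            messages.append({})                  # a new response starts here
    return messages

def describe(msg):
    mtype, status = msg.get("pki-message-type"), msg.get("pki-status")
    head = f"{MESSAGE_TYPES.get(mtype, mtype)} status={PKI_STATUS.get(status, status)}"
    return f"{head} transaction={msg.get('pki-transaction-id')}"
```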