Hi,

I'm setting up OpenCA 1.1.0 as a SCEP server for a network of Cisco VPN
routers.  Putting everything on one machine initially, so dataexchange=0.

I can sometimes successfully enroll certificates via SCEP, and sometimes not.

When the certificate request is queued in OpenCA, the SCEP client keeps
polling periodically for the signed certificate.  Once it is signed and the
SCEP client tries to retrieve it, I get the following error in stderr.log:

> The compilation of the command cmdScepPKIOperation failed. Can't call method
> "getPEM" on an undefined value at (eval 157) line 239.

The code is:

        my $cert  = $certs[0];
        $tools->saveFile (FILENAME => $cert_file,DATA=>$cert->getPEM());

Similarly, from the Certificate Requests > Archived menu, when I click on
the certificate serial in the list, I get:

> The compilation of the command cmdViewCSR failed. Can't call method
> "getSerial" on an undefined value at (eval 192) line 338.

Code:

        if (scalar @certs) {
            my $list = "";
            foreach my $cert (@certs) {
                $list .= "<a href=\"$self?cmd=viewCert&key=".$cert->getSerial()."\">"
                      .$cert->getParsed()->{HEX_SERIAL}."</a>&nbsp;";
                [...]

In both cases, it seems like $cert is not defined?

Some certificates trigger this, others do not and they work perfectly.  So
far, I have no clue what is different, they are generated in an identical way
(using the sscep test client).

In the database, they look like:

mysql> select req_key, cn, status, cert_key from certificate order by req_key;
+---------+-----------------------+--------+---------------------------+
| req_key | cn                    | status | cert_key                  |
+---------+-----------------------+--------+---------------------------+
|    2593 | 1.2.3.4               | VALID  | 1199873750200721283069710 | 
|    2849 | 1.2.3.5               | VALID  |   52919982767718649172526 | 
|    3105 | 1.2.3.6               | VALID  | 1153613265481238870951402 | 
|    3361 | 1.2.3.7               | VALID  |  828877077058826999604579 | 
+---------+-----------------------+--------+---------------------------+

The first three work, the last one gives the above errors.

However if I now do the following update, it works:

        UPDATE certificate SET cert_key=req_key WHERE req_key=3361;

(i.e. set cert_key to 3361)

The SCEP client can now successfully retrieve its certificate and I can view it
in the web interface.

Is there something wrong with my database?  I have initiated it from the CA
web interface.  Or my config?  I haven't changed much config apart from some
names, paths, and USE_LOAS=no (and verified that isn't causing this issue).

Any idea?


        Geert


-- 
Geert Hendrickx  -=-  g...@telenet.be  -=-  PGP: 0xC4BB9E9F
This e-mail was composed using 100% recycled spam messages!
