Hi Geert,

Mmm.. interesting problem.. did you apply the patches we have on the Wiki? Some of them seem related to your problem.. I will look into it, but it definitely seems a problem related to overflow due to the long certificate serial number...

I hope the problem is within the cmdScepPKIOperation.. otherwise it is somewhere in the libs... maybe the DBI.pm... do you know what the $csr->getSerial() on your certificate returns?

Cheers,
Max

On 05/21/2010 09:22 AM, Geert Hendrickx wrote:
Hi,

I'm setting up OpenCA 1.1.0 as a SCEP server for a network of Cisco VPN routers. Putting everything on one machine initially, so dataexchange=0.

I can sometimes successfully enroll certificates via SCEP, and sometimes not. When the certificate request is queued in OpenCA, the SCEP client keeps polling periodically for the signed certificate. Once signed, and the SCEP client tries to retrieve it, I get the following error in stderr.log:

    The compilation of the command cmdScepPKIOperation failed.
    Can't call method "getPEM" on an undefined value at (eval 157) line 239.

The code is:

    my $cert = $certs[0];
    $tools->saveFile (FILENAME => $cert_file,DATA=>$cert->getPEM());

Similarly, from the Certificate Requests > Archived menu, when I click on the certificate serial in the list, I get:

    The compilation of the command cmdViewCSR failed.
    Can't call method "getSerial" on an undefined value at (eval 192) line 338.

Code:

    if (scalar @certs) {
        my $list = "";
        foreach my $cert (@certs) {
            $list .= "<a href=\"$self?cmd=viewCert&key=".$cert->getSerial()."\">".$cert->getParsed()->{HEX_SERIAL} ."</a> ";
    [...]

In both cases, it seems like $cert is not defined?

Some certificates trigger this, others do not and they work perfectly. So far, I have no clue what is different, they are generated in an identical way (using the sscep test client). In the database, they look like:

    mysql> select req_key, cn, status, cert_key from certificate order by req_key;
    +---------+-----------------------+--------+---------------------------+
    | req_key | cn                    | status | cert_key                  |
    +---------+-----------------------+--------+---------------------------+
    | 2593    | 1.2.3.4               | VALID  | 1199873750200721283069710 |
    | 2849    | 1.2.3.5               | VALID  | 52919982767718649172526   |
    | 3105    | 1.2.3.6               | VALID  | 1153613265481238870951402 |
    | 3361    | 1.2.3.7               | VALID  | 828877077058826999604579  |
    +---------+-----------------------+--------+---------------------------+

The first three work, the last one gives the above errors.

However if I now do the following update, it works:

    UPDATE certificate SET cert_key=req_key WHERE req_key=3361;

(i.e. set cert_key to 3361)

The SCEP client can now successfully retrieve its certificate and I can view it in the web interface.

Is there something wrong with my database? I have initiated it from the CA web interface. Or my config? I haven't changed much config apart from some names, paths, and USE_LOAS=no (and verified that isn't causing this issue).

Any idea?

Geert
--
Best Regards,
Massimiliano Pala

--o------------------------------------------------------------------------
Massimiliano Pala [OpenCA Project Manager]
ope...@acm.org
project.mana...@openca.org

Dartmouth Computer Science Dept    Home Phone: +1 (603) 369-9332
PKI/Trust Laboratory               Work Phone: +1 (603) 646-8734
--o------------------------------------------------------------------------
People who think they know everything are a great annoyance to those of
us who do.
                                                         -- Isaac Asimov
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
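
Added example (not part of the original messages and not OpenCA code): a Perl check of the four cert_key values from the table above against the integer widths a serial might pass through, which is the kind of overflow Max suspects but the thread does not confirm. The helper name check_serial and the limits tested (signed and unsigned 64-bit, Perl numeric context) are assumptions made for illustration.

```perl
#!/usr/bin/perl
# Added example, not OpenCA code. Assumption: the key may pass through a
# 64-bit integer or Perl numeric context somewhere between DB and command.
use strict;
use warnings;
use Math::BigInt;

# cert_key values copied from the table in the message above.
my @cert_keys = qw(
    1199873750200721283069710
    52919982767718649172526
    1153613265481238870951402
    828877077058826999604579
);

my $INT64_MAX  = Math::BigInt->new('9223372036854775807');    # signed 64-bit
my $UINT64_MAX = Math::BigInt->new('18446744073709551615');   # unsigned 64-bit

# check_serial is a hypothetical helper name, not an OpenCA function.
sub check_serial {
    my ($dec) = @_;
    die "not a decimal serial: $dec\n" unless $dec =~ /\A[0-9]+\z/;
    my $big = Math::BigInt->new($dec);

    # Numeric context ("$key + 0", ==, <=>) turns a value this large into
    # a floating-point number; stringifying it again shows what is lost.
    my $numeric = $dec + 0;

    return {
        bits        => length($big->as_bin) - 2,    # as_bin gives "0b..."
        fits_int64  => $big->bcmp($INT64_MAX)  <= 0 ? 'yes' : 'no',
        fits_uint64 => $big->bcmp($UINT64_MAX) <= 0 ? 'yes' : 'no',
        round_trip  => "$numeric" eq $dec ? 'yes' : 'no',
        numeric     => "$numeric",
    };
}

for my $key (@cert_keys) {
    my $r = check_serial($key);
    printf "%-26s bits=%-3d int64=%-3s uint64=%-3s round-trip=%-3s as-number=%s\n",
        $key, @{$r}{qw(bits fits_int64 fits_uint64 round_trip numeric)};
}
```

Keys of this size are safe only when compared and bound as strings (or as Math::BigInt objects); any numeric operator applied to them works on a rounded value.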