[Openca-Users] Scep cert renewal

Thu, 09 Sep 2010 03:06:22 -0700 

Hi List,

i'm running OpenCA (v 1.1.0) with scep service enabled and today the
following problem occured:
My scep client (sscep) got a valid certificate ( CA signed it with 3 days
validity). When i tried to renew the certificate, i got exactly the same
certificate as in the first time - same "valid until" time. Is this supposed
to be like that? Nevermind, the real problem came when i changed the time
settings on my OpenCA Server in  order to simulate a renewal of a invalid
client certificate. Sscep sends a request and in the OpenCA stderr log i
see:
"...
HTTP_REQUEST_METHOD=GET

REMOTE_ADDR=192.168.253.113

REMOTE_PORT=55581

HTTP_CGI_SCRIPT=scep
HTTP_FULL_CGI_SCRIPT=scep%3Foperation%3DPKIOperation%3Bmessage%.....(encrypted
text)...
OPENCA_AC_CHANNEL_SERVER_SOFTWARE=Apache%2F2.2.14%20%28Ubuntu%29
OPENCA_AC_CHANNEL_REMOTE_ADDRESS=192.168.253.113
OPENCA_AC_INTERFACE=scep
OpenCA::UI::HTML->new: ignoring wrong parameter SUPPORT_EMAIL
OpenCA: General error trapped 700: The compilation of the command
cmdScepPKIOperation failed. Can't call method "getPEM" on an undefined value
at (eval 198) line 238.<br>
Compilation failed in require at /opt/openca/etc/openca/openca_start line
65.
"
while the client says:
"...
sscep: server returned status code 200
sscep: MIME header: x-pki-message
sscep: valid response from server
sscep: reading outer PKCS#7
sscep: PKCS#7 payload size: 4087 bytes
sscep: printing PEM fomatted PKCS#7
-----BEGIN PKCS7-----
-----END PKCS7-----
Segmentation fault
"
This happens after the scep client did send the request and waited 60sec
before polling the server for the signed cert. The Segmentation fault with
sscep seems to be due to the empty PKCS7 container and i guess its more like
a  subsequent error.

Any hints?

Ramon

------------------------------------------------------------------------------
This SF.net Dev2Dev email is sponsored by:

Show off your parallel programming skills.
Enter the Intel(R) Threading Challenge 2010.
http://p.sf.net/sfu/intel-thread-sfd
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to