Hi Carlos, Thanks for the response.
I can reach the SCEP interface over HTTP no problem.
Here is access_control/scep.xml
<openca>
<access_control>
<channel>
<!-- access control disabled for scep -->
<type>mod_ssl</type>
<protocol>http</protocol>
<!-- PLEASE: filter the source IP because it is really simple
-->
<!-- to spam a scep interface -->
<source>.*</source>
<asymmetric_cipher>.*</asymmetric_cipher>
<asymmetric_keylength>0</asymmetric_keylength>
<symmetric_cipher>.*</symmetric_cipher>
<symmetric_keylength>0</symmetric_keylength>
</channel>
<login>
<!-- SCEP is complete own protocol -->
<type>none</type>
</login>
<acl_config>
<acl>yes</acl>
<list>/appl/openca-1.0.2/openca/etc/openca/rbac/acl.xml</list>
<command_dir>/appl/openca-1.0.2/openca/etc/openca/rbac/cmds</command_dir>
<module_id>33</module_id>
<map_role>no</map_role>
<map_operation>yes</map_operation>
</acl_config>
</access_control>
<token_config_file>/appl/openca-1.0.2/openca/etc/openca/token.xml</token_config_file>
</openca>
Any other ideas?
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Keep yourself connected to Go Parallel: TUNE You got it built. Now make it sing. Tune shows you how. http://goparallel.sourceforge.net
_______________________________________________ Openca-Users mailing list Openca-Users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openca-users
