[Openca-Users] Help with SCEP response

Thu, 14 Jan 2016 05:29:58 -0800 

Hi There,

I am new to this list and openca-scep as well.  What I try to do is sending 
valid SCEP messages to iOS units and what I get is "Profile Installation 
Failed" "The SCEP server returned an invalid response".  Actually the response 
is valid on OS X devices and those accept the scep response and finally install 
the mobileconfig files I try to put on them.  Would you please look through my 
commands below and pinpoint any issue what might look invalid?

1. PKIOperation message is received, payload is saved as File
2. File is url decoded (from iOS only, that is not needed for OS X)
3. File is base64 decoded and saved as File.baseless
4. openssl pkcs7 -inform der -in File.baseless -outform pem -out File.pkcs7
5. openca-scep -in File.pkcs7 -print_scert -noout >File.cer
6. openca-scep -in File.pkcs7 -print_transid -noout
7. openssl smime -verify -noverify -inform pem -in File.pkcs7 -signer File.cer
8. openca-scep -in File.pkcs7 -print_msgtype  -noout   #checked against PKCSReq
9. openca-scep -in File.pkcs7 -print_req -noout -out File.csr -keyfile 
root_ca.key -passin pass:Password  # CN is checked in the csr file and is 
correct
10. openssl x509 -req -in File.csr -CA root_ca.crt -CAkey root_ca.key -out 
File.signed.device.crt -days 3650 -CAcreateserial -CAserial 
"uuidgen-generated-serial" -passin pass:Password
11. openca-scep -in File.pkcs7 -new -signcert root_ca.crt -msgtype CertRep 
-status SUCCESS -outform DER -reccert File.cer -issuedcert 
File.signed.device.crt -out File.for.device.out -keyfile root_ca.key -passin 
pass:Password
12. Optionally base64 encoding the File.for.device.out (tried both, OS X 
accepts both versions, iOS accepts none)
13. Sending the File.for.device.out in http(s) as a "Content-Type: 
application/x-pki-message"

Is there any obvious mistake in how I use openca-scep what might generate an 
invalid result? Any suggestion on how to fix it is highly appreciated.

Thank you,
Sandor

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Openca-Users mailing list
Openca-Users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openca-users

Reply via email to