Hi, ...I'm currently deploying openxpki in a lab to test scep support with cisco routers. So far everything worked well (I only called the sample script to generate the demo-ca). The sscep cli client worked (as far as I understand the output): root@CA-SERVER:/tmp# /root/sscep-master/sscep_dyn enroll -u http://localhost/scep/scep -k /tmp/scep-test.key -r /tmp/scep-test.csr -c \ /tmp/cacert-0 -l /tmp/scep-test.crt -t 10 -n 1 /root/sscep-master/sscep_dyn: sending certificate request /root/sscep-master/sscep_dyn: valid response from server /root/sscep-master/sscep_dyn: reply transaction id: C0BCC871E9BC28C0399EF45DAD2603CE /root/sscep-master/sscep_dyn: pkistatus: SUCCESS /root/sscep-master/sscep_dyn: Subject of our request does not match that of the returned Certificate! root@CA-SERVER:/tmp# But when I configure a cisco router to fetch the ca certs via GetCaCert, I'm running into a timeout (on the cisco router). Unfortunately, the logs don't really tell me more about the problem. the scep.log is pretty calm: 2015/09/07 13:46:36 INFO:12541 Incoming request from 172.16.1.1 with GetCACert 2015/09/07 14:01:02 DEBUG:12600 Used configfile /etc/openxpki/scep/default.conf ...but it looks different from what the sscep client produces in the log: 2015/09/07 14:01:02 DEBUG:12600 Used configfile /etc/openxpki/scep/default.conf 2015/09/07 14:01:02 INFO:12600 Incoming request from 127.0.0.1 with PKIOperation (...GetCACert vs. PKIOperation) Is there a known issue with cisco IOS <-> openxpki/SCEP? Or how could I further proceed to troubleshoot this situation? Thanks, Andy
------------------------------------------------------------------------------
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
