Hi, ...small update on my previous post:
On Monday 07 September 2015 14:25:05 Andreas Bourges wrote: > root@CA-SERVER:/tmp# /root/sscep-master/sscep_dyn enroll -u [...] Just realized, that I copied the enrollment request from the cli client. GetCACert request works, too: root@CA-SERVER:~/sscep-master# /root/sscep-master/sscep_dyn getca -u http://localhost/scep/scep -i "ca-one" -c ca-one.ca -> gives me three certificates from the CA the logs in the scep.log look identical: 2015/09/07 15:06:08 DEBUG:3158 Used configfile /etc/openxpki/scep/default.conf 2015/09/07 15:06:08 INFO:3158 Incoming request from 172.16.1.1 with GetCACert 2015/09/07 15:11:21 DEBUG:3266 Used configfile /etc/openxpki/scep/default.conf 2015/09/07 15:11:21 INFO:3266 Incoming request from 127.0.0.1 with GetCACert (172.16.1.1 was the ios router, 127.0.0.1 the cli client) The access-log from apache shows a slightly different GET-URL: 172.16.1.1 - - [07/Sep/2015:13:34:24 +0200] "GET /scep/default/pkiclient.exe?operation=GetCACert&message=ca-one HTTP/1.0" 200 2889 "-" "Mozilla/4.0 (compatible; MSIE 5.0; Cisco PKI)" 127.0.0.1 - - [07/Sep/2015:15:13:22 +0200] "GET /scep/scep?operation=GetCACert&message=ca- one HTTP/1.0" 200 2889 "-" "-" -> since in both cases the default configuration is used, I'd assume that "pkiclient.exe" from CISCO IOS does not bother the scep-script?! -----------> UPS! Just recognized, that there was a mtu issue within my test-network ;-) After adjusting the mtu, everything works fine ;-) Thanks anyway, Andy
------------------------------------------------------------------------------
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
