Hi Oliver, you are right. The package "openca-tools" was missing. After I installed it, I reran the request and a workflow of type enrollment was created, as like you mentioned. Afterwards I manually approved it but for some reason I cannot finish it. It keeps in state PREPARED (Paused) with reason: "Certificate signing token is not online"
Will reconsult the SCEP docs and revise what I did so far. Thanks, Marian On 12/11/15 10:22, Oliver Welter wrote: > Hi Marian, > > can you check the openxpki.log for any useful errors, and did you > install the "openca-tools" package? > > Oliver > > Am 11.12.2015 um 09:52 schrieb Marian Thieme: >> Hi Oliver, >> >> thank you for the hint. Seems like there is not yet an adequate workflow >> arranged. >> >> Regards, >> Marian >> >> On 12/11/15 08:27, Oliver Welter wrote: >>> Hi Marian, >>> >>> sorry if this question sounds to stupid, but: Is the OpenXPKI daemon >>> running? >>> >>> If so, can you please check the openxpki.log and check on the WebUI -> >>> Workflow Search if a workflow of type "enrollment" was created. >>> >>> Oliver >>> >>> Am 10.12.2015 um 23:44 schrieb Marian Thieme: >>>> Dear openxpki-users ! >>>> >>>> I have a problem regarding the scep servive. >>>> >>>> I followed this howto: >>>> http://openxpki.readthedocs.org/en/latest/quickstart.html >>>> >>>> In order to test scep service, I got the sscep client >>>> (https://github.com/certnanny/sscep) and created a certificate signing >>>> request, with command lines as described in the howto. >>>> >>>> The results was not successful: >>>> >>>> Server side logs: >>>> >>>> /var/log/apache2/access.log >>>> 192.168.56.1 - - [10/Dec/2015:22:36:26 +0100] "GET >>>> /scep/scep?operation=PKIOperation&message=MIIKCg... HTTP/1.0" 500 810 >>>> "-" "-" >>>> >>>> /var/log/apache2/error.log >>>> [Thu Dec 10 22:36:26 2015] scep: Use of uninitialized value $result in >>>> print at /usr/lib/cgi-bin/scep line 135. >>>> [Thu Dec 10 22:36:26.734078 2015] [cgid:error] [pid 1754:tid >>>> 140114634200832] [client 192.168.56.1:55138] End of script output >>>> before >>>> headers: scep >>>> >>>> /var/openxpki/scep.log >>>> 2015/12/10 22:36:26 DEBUG:1935 Used configfile >>>> /etc/openxpki/scep/default.conf >>>> 2015/12/10 22:36:26 INFO:1935 Incoming request from 192.168.56.1 with >>>> PKIOperation >>>> >>>> Client: >>>> $ ./sscep_static enroll -u http://192.168.56.219/scep/scep -k >>>> tmp/scep-test.key -r tmp/scep-test.csr -c tmp/cacert-0 -l >>>> tmp/scep-test.crt -t 10 -n 1 -v >>>> >>>> ./sscep_static: starting sscep, version 0.6.1 >>>> ./sscep_static: new transaction >>>> ./sscep_static: transaction id: D41D8CD98F00B204E9800998ECF8427E >>>> ./sscep_static: hostname: 192.168.56.219 >>>> ./sscep_static: directory: scep/scep >>>> ./sscep_static: port: 80 >>>> ./sscep_static: Read request with transaction id: >>>> 1F60D3FEF28924F69BEA4AAA9DD158FB >>>> ./sscep_static: generating selfsigned certificate >>>> ./sscep_static: SCEP_OPERATION_ENROLL >>>> ./sscep_static: sending certificate request >>>> ./sscep_static: creating inner PKCS#7 >>>> ./sscep_static: inner PKCS#7 in mem BIO >>>> ./sscep_static: request data dump >>>> -----BEGIN CERTIFICATE REQUEST----- >>>> MIICi... >>>> -----END CERTIFICATE REQUEST----- >>>> ./sscep_static: data payload size: 654 bytes >>>> ./sscep_static: successfully encrypted payload >>>> ./sscep_static: envelope size: 1096 bytes >>>> ./sscep_static: creating outer PKCS#7 >>>> ./sscep_static: signature added successfully >>>> ./sscep_static: adding signed attributes >>>> ./sscep_static: adding string attribute transId >>>> ./sscep_static: adding string attribute messageType >>>> ./sscep_static: adding octet attribute senderNonce >>>> ./sscep_static: PKCS#7 data written successfully >>>> ./sscep_static: applying base64 encoding >>>> ./sscep_static: base64 encoded payload size: 3486 bytes >>>> ./sscep_static: server returned status code 500 >>>> ./sscep_static: mime_err: HTTP/1.1 500 Internal Server Error >>>> Date: Thu, 10 Dec 2015 21:36:26 GMT >>>> Server: Apache/2.4.10 (Debian) >>>> Content-Length: 618 >>>> Connection: close >>>> Content-Type: text/html; charset=iso-8859-1 >>>> >>>> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"> >>>> <html><head> >>>> <title>500 Internal Server Error</title> >>>> </head><body> >>>> <h1>Internal Server Error</h1> >>>> <p>The server encountered an internal error or >>>> misconfiguration and was unable to complete >>>> your request.</p> >>>> <p>Please contact the server administrator at >>>> webmaster@localhost to inform them of the time this error occurred, >>>> and the actions you performed just before this error.</p> >>>> <p>More information about this error may be available >>>> in the server error log.</p> >>>> <hr> >>>> <address>Apache/2.4.10 (Debian) Server at ca-server1.fritz.box Port >>>> 80</address> >>>> </body></html> >>>> >>>> ./sscep_static: wrong (or missing) MIME content type >>>> ./sscep_static: error while sending message >>>> >>>> ------------------------------------------------------------------------------ >>>> >>>> >>>> _______________________________________________ >>>> OpenXPKI-users mailing list >>>> [email protected] >>>> https://lists.sourceforge.net/lists/listinfo/openxpki-users >>>> >>> >>> >>> >>> >>> ------------------------------------------------------------------------------ >>> >>> >>> >>> >>> _______________________________________________ >>> OpenXPKI-users mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/openxpki-users >>> >> >> ------------------------------------------------------------------------------ >> >> _______________________________________________ >> OpenXPKI-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/openxpki-users >> > > > > > ------------------------------------------------------------------------------ > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > ------------------------------------------------------------------------------ _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
