Hi again,
if sscep getca is successful then create private key, csr and try the
enrollment process (you can find the commands in the quick start guide).
The scep url should not be loaded via browser. It should be called only via
the sscep tool.
SCEP is very useful for automation purposes - like automatic
enrollment/renewal of SSL certificates from networking devices,
infrastructure systems and etc.
Regards,
Cho
On Wed, May 18, 2016 at 2:27 PM, Bhagyashree Chagi <
[email protected]> wrote:
> Thanks for the information.
>
> we tried below commands
>
> # a2enmod cgi
> # service apache2 restart
>
> And now we are able to download CA certificate using following command
>
> ./sscep getca -c tmp/cacert -u http://yourhost/scep/scep
>
> But I just wanted to know whether any web page will be displayed when I
> open below link
>
> http://yourhost/scep/scep
>
> As we are getting below error
>
> I18N_OPENXPKI_CLIENT_SCEP_INVALID_OP
>
> Thanks,
> Bhagyashree.
>
>
>
> On Wed, May 18, 2016 at 4:05 PM, Cho Chan <[email protected]> wrote:
>
>> Hi Bhagyashree,
>>
>> I think in Debian - apache mod_cgi is not enabled by default. Check in
>> /etc/apache2/mods-enabled if you have cgid.conf and cgid.load correctly
>> pointing to the same files in ../mods-available/.
>> Something like:
>> lrwxrwxrwx 1 root root 27 Apr 5 16:08 cgid.conf ->
>> ../mods-available/cgid.conf
>> lrwxrwxrwx 1 root root 27 Apr 5 16:08 cgid.load ->
>> ../mods-available/cgid.load
>>
>> If not - enable the module and restart apache:
>>
>> # a2enmod cgi
>> # service apache2 restart
>>
>> After that try to use scep to enroll.
>>
>> Regards,
>> Cho
>>
>> On Fri, May 13, 2016 at 3:56 PM, Oliver Welter <[email protected]> wrote:
>>
>>> Hi Bhagyashree,
>>>
>>> first, I would appreciate if you can create a new mail for each problem.
>>>
>>> To your problem: This soungs like your apache config is incomplete, the
>>> SCEP service is provided by a script in cgi-bin and you need a proper Alias
>>> definition:
>>>
>>> ScriptAlias /scep /usr/lib/cgi-bin/scep
>>>
>>> Oliver
>>>
>>> Am 11.05.2016 um 13:50 schrieb Bhagyashree Chagi:
>>>
>>>> Thanks alot Martin for the quick response.
>>>>
>>>> we have installed openxpki just by following quickstart guide. openxpki
>>>> CA is setup we are able to enroll through webUI but when I try to use
>>>> scep it is not working. we have even installed openca-tools manually as
>>>> mentioned in quickstart guide. As mentioned in quick start guide I hope
>>>> it should work as it is with default setting but I get an 404 error
>>>> page not found when I use scep url http://localhost/scep/scep.
>>>> even when I use sscep client it throws a error saying "error while
>>>> sending message"
>>>>
>>>> can you please help us know where we have gone wrong or anything else we
>>>> need to set?
>>>>
>>>> Thanks,
>>>> Bhagyashree
>>>>
>>>> Thanks and Regards
>>>> Bhagyashree V. Chagi
>>>> 9916991266
>>>>
>>>> On Wed, May 4, 2016 at 4:39 PM, Martin Bartosch <[email protected]
>>>> <mailto:[email protected]>> wrote:
>>>>
>>>> Hi Bhagyashree,
>>>>
>>>> > I am new to openxpki. As I came across the document that openxPKI
>>>> support for LDAP and file based crl, I just wanted to check whether
>>>> openxpki supports downloading CRL and Publishing CRL to CDP via http
>>>> protocol or not. if yes, please let me know the steps for the same.
>>>>
>>>> OpenXPKI does not directly serve the HTTP protocol. Instead, it is a
>>>> Daemon process running in the background. The frontend part is
>>>> talking to the daemon via a Unix Domain Socket interface.
>>>>
>>>> The frontend requires a web server (e. g. Apache) to work. The web
>>>> server where OpenXPKI is running on will be able to serve additional
>>>> HTTP/HTTPS services besides the OpenXPKI frontend.
>>>>
>>>> If you want to serve HTTP CDPs the correct way is to configure a web
>>>> server (it may or may not be on the same system as OpenXPKI) to
>>>> serve the CDP URL. Then you need to make sure that the CRL that
>>>> OpenXPKI creates is copied into the location where the web server
>>>> can serve it.
>>>>
>>>> Long story short: configure CRL publishing to a file in OpenXPKI.
>>>> The configured path should point to a documentroot subdirectory
>>>> which is accessible via the web server.
>>>> Configure the target path in a way that OpenXPKI can write it and
>>>> the web server can read it.
>>>> Once OpenXPKI writes the file, it can be served by the web server.
>>>>
>>>> HTH,
>>>>
>>>> Martin
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Find and fix application performance issues faster with Applications
>>>> Manager
>>>> Applications Manager provides deep performance insights into
>>>> multiple tiers of
>>>> your business applications. It resolves application problems
>>>> quickly and
>>>> reduces your MTTR. Get your free trial!
>>>> https://ad.doubleclick.net/ddm/clk/302982198;130105516;z
>>>> _______________________________________________
>>>> OpenXPKI-users mailing list
>>>> [email protected]
>>>> <mailto:[email protected]>
>>>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>>>
>>>>
>>>>
>>>>
>>>>
>>>> ------------------------------------------------------------------------------
>>>> Mobile security can be enabling, not merely restricting. Employees who
>>>> bring their own devices (BYOD) to work are irked by the imposition of
>>>> MDM
>>>> restrictions. Mobile Device Manager Plus allows you to control only the
>>>> apps on BYO-devices by containerizing them, leaving personal data
>>>> untouched!
>>>> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
>>>>
>>>>
>>>>
>>>> _______________________________________________
>>>> OpenXPKI-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>>>
>>>>
>>>
>>> --
>>> Protect your environment - close windows and adopt a penguin!
>>>
>>>
>>>
>>> ------------------------------------------------------------------------------
>>> Mobile security can be enabling, not merely restricting. Employees who
>>> bring their own devices (BYOD) to work are irked by the imposition of MDM
>>> restrictions. Mobile Device Manager Plus allows you to control only the
>>> apps on BYO-devices by containerizing them, leaving personal data
>>> untouched!
>>> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
>>> _______________________________________________
>>> OpenXPKI-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>>
>>>
>>
>>
>> ------------------------------------------------------------------------------
>> Mobile security can be enabling, not merely restricting. Employees who
>> bring their own devices (BYOD) to work are irked by the imposition of MDM
>> restrictions. Mobile Device Manager Plus allows you to control only the
>> apps on BYO-devices by containerizing them, leaving personal data
>> untouched!
>> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
>> _______________________________________________
>> OpenXPKI-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>
>>
>
>
> ------------------------------------------------------------------------------
> Mobile security can be enabling, not merely restricting. Employees who
> bring their own devices (BYOD) to work are irked by the imposition of MDM
> restrictions. Mobile Device Manager Plus allows you to control only the
> apps on BYO-devices by containerizing them, leaving personal data
> untouched!
> https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
>
------------------------------------------------------------------------------
Mobile security can be enabling, not merely restricting. Employees who
bring their own devices (BYOD) to work are irked by the imposition of MDM
restrictions. Mobile Device Manager Plus allows you to control only the
apps on BYO-devices by containerizing them, leaving personal data untouched!
https://ad.doubleclick.net/ddm/clk/304595813;131938128;j
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
