Hi Bo,

we know that some Cisco devices do not work well with SCEP certificates under a multilevel CA hierarchy. If possible, try to help the router by pointing it to the correct SCEP server certificate, or you can try to use a self-signed certificate as SCEP token. Generate a self-signed certificate using openssl and import it as SCEP token as described on the quickstart page.
Oliver

On 07.02.2017 at 15:01, Bo Vestergaard wrote:
Hello,

I have installed openxpki on Debian Jessie 8.1 using the quickstart guide. Since this is the first time I use openxpki I followed the guide line by line and used the sampleconfig.sh script to configure it. I want to receive certificates on a Cisco router using SCEP. I can authenticate the CA but I cannot receive a certificate.

I get the error "cannot decrypt request" in openxpki.log. openxpki.log looks like this:

2017/02/07 13:08:05 openxpki.application.INFO:2356 [OpenXPKI::Service::SCEP::Command::PKIOperation (/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Service/SCEP/Command/PKIOperation.pm:353); scep-server-1()@aedb] SCEP incoming request, id F44FD03A2D0341956686AB8AA459BEA4
2017/02/07 13:08:05 openxpki.application.INFO:2356 [OpenXPKI::Service::SCEP::Command::PKIOperation (415); scep-server-1()@aedb] SCEP try to start new workflow for F44FD03A2D0341956686AB8AA459BEA4
2017/02/07 13:08:05 openxpki.system.ERROR:2356 [OpenXPKI::Crypto::CLI (/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Crypto/CLI.pm:435); scep-server-1()@aedb] OpenSSL error: scep.c:1183: cannot decrypt request

I have tried different encryption/hash keys on the router but that doesn't seem to affect it. All the values on openxpki are default so I would think it should "just work".

I appreciate that I have not supplied much information but I don't even know what config files you need to see. If anyone can let me know what config files are relevant I will post them.

Thanks.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
-- Protect your environment - close windows and adopt a penguin!
