Hello all,

I use JSCEP to communicate with an OpenXPKI server (default settings from the 
quickstart guide). I can request, poll and get certificates.
The problem appears when I try to request the CRL from the OpenXPKI server.

Tasks in OpenXPKI:
1) I revoked some of my issued certificates
2) Issued certificate revocation list
3) Published certificate revocation list

When I click on Show revocation lists, I see a list with the following 
information:
CN=CA ONE,OU=Test CA,DC=OpenXPKI,DC=ORG
CRL Serial: 511
CRL Issuer: CN=CA ONE,OU=Test CA,DC=OpenXPKI,DC=ORG
Last Update: 2017-05-16 08:27:38 UTC
Next Update / Expires: 2017-05-30 08:27:38 UTC
Items: 25

In JSCEP I get the following error when I try to get the CRL:
org.jscep.transaction.OperationFailureException: Operation failed due to badCertId

I tried different scenarios. The first scenario was sending the serial number 
and the issuer of the certificate, which should be in the CRL:

The openxpki.log on the server has the following error:
2017/05/18 07:51:40 openxpki.application.ERROR:11973 [OpenXPKI::Service::SCEP::Command::PKIOperation (/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Service/SCEP/Command/PKIOperation.pm:255); scep-server-1()@00a3] SCEP getcrl - no issuer found for serial 415776007826350848549631 and issuer DC=ORG,DC=OpenXPKI,OU=Test CA,CN=CA ONE

The scep.log on the server has no error:
2017/05/18 07:51:40 DEBUG:11906 Autodetect config file for service scep: scep.conf
2017/05/18 07:51:40 DEBUG:11906 No config file found, falling back to default
2017/05/18 07:51:40 INFO:11906 Incoming request from X.X.X.X with PKIOperation
2017/05/18 07:51:40 DEBUG:11906 Response send

The second scenario was sending the serial number of the CRL and sending the 
CRL issuer:

The openxpki.log on the server has the following error:
2017/05/18 08:00:59 openxpki.application.ERROR:12156 [OpenXPKI::Service::SCEP::Command::PKIOperation (/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Service/SCEP/Command/PKIOperation.pm:255); scep-server-1()@f68c] SCEP getcrl - no issuer found for serial 511 and issuer DC=ORG,DC=OpenXPKI,OU=Test CA,CN=CA ONE

The scep.log on the server has no error:
2017/05/18 08:00:59 DEBUG:11906 Autodetect config file for service scep: scep.conf
2017/05/18 08:00:59 DEBUG:11906 No config file found, falling back to default
2017/05/18 08:00:59 INFO:11906 Incoming request from X.X.X.X with PKIOperation
2017/05/18 08:00:59 DEBUG:11906 Response send

Could you please give me some hint or any kind of help, thanks!

Regards,
Kevin
_______________________________________________
OpenXPKI-users mailing list
https://lists.sourceforge.net/lists/listinfo/openxpki-users

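Added example, not part of the message above and not OpenXPKI or jscep code: a small Python helper for triaging the two "SCEP getcrl - no issuer found" errors quoted in the post. It tolerates log records that were line-wrapped in transit, extracts the serial and issuer the server logged, and checks whether that issuer is the same name as the CRL issuer shown in the web UI, written in the same or the reverse RDN order. All function names are hypothetical and the sample input is constructed from the quoted lines.

```python
import re

# Constructed sample: the two openxpki.log errors from the post, hard-wrapped
# the way a mail client folds long lines.
SAMPLE_LOG = """\
2017/05/18 07:51:40 openxpki.application.ERROR:11973
[OpenXPKI::Service::SCEP::Command::PKIOperation
(/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Service/SCEP/Command/PKIOperation.pm:255);
 scep-server-1()@00a3] SCEP getcrl - no issuer found for serial
415776007826350848549631 and issuer DC=ORG,DC=OpenXPKI,OU=Test CA,CN=CA ONE
2017/05/18 08:00:59 openxpki.application.ERROR:12156
[OpenXPKI::Service::SCEP::Command::PKIOperation
(/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Service/SCEP/Command/PKIOperation.pm:255);
 scep-server-1()@f68c] SCEP getcrl - no issuer found for serial 511 and issuer
DC=ORG,DC=OpenXPKI,OU=Test CA,CN=CA ONE
"""
UI_CRL_ISSUER = "CN=CA ONE,OU=Test CA,DC=OpenXPKI,DC=ORG"  # as shown in the web UI

TIMESTAMP = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} ")
GETCRL = re.compile(r"SCEP getcrl - no issuer found for serial (\d+) and issuer (.+)$")

def unwrap(text):
    """Join continuation lines (no leading timestamp) onto the previous record."""
    records = []
    for line in text.splitlines():
        if TIMESTAMP.match(line) or not records:
            records.append(line.strip())
        elif line.strip():
            records[-1] += " " + line.strip()
    return records

def parse_dn(dn):
    """Split a simple DN string into (type, value) pairs; escaped commas not handled."""
    pairs = (rdn.split("=", 1) for rdn in dn.split(","))
    return [(k.strip().upper(), v.strip()) for k, v in pairs]

def same_name(a, b):
    """True if both strings list the same RDNs, in the same or the reverse order."""
    x, y = parse_dn(a), parse_dn(b)
    return x == y or x == y[::-1]

def getcrl_failures(text):
    """Return time, serial and issuer the server logged for each failed getcrl."""
    found = []
    for record in unwrap(text):
        m = GETCRL.search(record)
        if m:
            found.append({"time": record[:19], "serial": m.group(1), "issuer": m.group(2)})
    return found
```

Calling `getcrl_failures(SAMPLE_LOG)` and passing each `issuer` with `UI_CRL_ISSUER` to `same_name` shows which serial each request carried and whether the issuer strings differ only in RDN order.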