Hi. I´m currently evaluating openxpki PKI for my company. We want to use the
certificate enrollment via SCEP and we have the requirement to change the
RootCA certificate chain (RootCA, IssuerCA and also SCEPCA).
For test purpose I’m using the sscep client and executing the getnexca command.
Openxpki is configured with a upcoming RootCA. Sscep is retrieving the answer
and then it´s segfaulting. After debugging the sscep client I found out that
the ASN.1 parsing of the retrieve PEM failed (and that sscep do not handle this
correct of course 😊 ). I am using OpenSSL in version 1.0.2g. After rolling back
to OpenSSL version 1.0.1e the parsing works and the NextCA certificate is
stored. An article I found (https://github.com/saltstack/salt/issues/27326)
indicates that the parsing of ASN.1 encoded certificate is more strict in newer
OpenSSl version. Now I have the following questions:
1. Can anybody confirm that openxpki (Version (core): 1.20.2) is generating
incomplete cert files with the getnextca scep command?
2. If it is a openxpki bug is there a date when it got fixed?
Thanks in advance
Sebastian
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
