Hi everyone, I am currently trying to setup an openxpki server and I am particularly interested in the SCEP server. I am running a debian Jessie fully updated and I am installing using the package. However when I do the initial setup, using a test configuration without changing any parameter and following the documentation, the SCEP enrollment does not work. I am using the SCEP client from certnanny. I put the correct challenge password in the CSR, but the request does not get accepted right away and I have to go into the WebUI to accept it. When I accept the request, it fails. Here is the complete log output:
2019-04-30 10:14:38 UTC ERROR Original error: I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 256; __COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_cert ([undef]) 2019-04-30 10:14:38 UTC WARN NICE issueCertificate failed but pause_on_error is requested ([undef]) 2019-04-30 10:14:38 UTC INFO start cert issue for serial 767, workflow 767 ([undef]) 2019-04-30 10:14:38 UTC INFO persisted csr for CN=,DC=Test Deployment,DC=OpenXPKI,DC=org with csr_serial 767 ([undef]) 2019-04-30 10:14:38 UTC INFO Approval points for workflow 767: 1 ([undef]) 2019-04-30 10:14:38 UTC INFO Unsigned approval for workflow 767 by user raop, role RA Operator ([undef]) 2019-04-30 10:14:14 UTC INFO Trigger notification message enroll_approval_pending ([undef]) 2019-04-30 10:14:14 UTC INFO Eligibility check for scep.scep-server-1.eligible.initial failed ([undef]) 2019-04-30 10:14:13 UTC INFO validate challenge using compare validated ([undef]) 2019-04-30 10:14:13 UTC INFO Trusted Signer not found in trust list (O=Internet Widgits Pty Ltd,ST=Some-State,C=NK). ([undef]) 2019-04-30 10:14:13 UTC WARN Trusted Signer chain validation FAILED ([undef]) 2019-04-30 10:14:12 UTC INFO Rendering subject: CN=,DC=Test Deployment,DC=OpenXPKI,DC=org ([undef]) I have only typed the command listed in the readthedocs and changed C=NK during the CSR generation. Everything else works great ! Would be great if you could help me solve this one. Best, Nicolas Merle
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
