Hello, I am using an “out of the box” installation of openxpki on Debian 8. I also compiled the last version of the scep client.
When I run scep with: ./sscep_dyn enroll -d -c ca.crt-1 -r testcsr.csr -u http://127.0.0.1/scep -l testcert.crt -k privatekey.key I get a HTTP 200 OK message back containing a pkcs7 container But, I also get the following error message: ./sscep_dyn: PKCS#7 contains 0 bytes of enveloped data ./sscep_dyn: verifying signature ./sscep_dyn: error verifying signature 139950625191568:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:103: 139950625191568:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705: 139950625191568:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature failure:pk7_doit.c:1137: Further, I checked the contents of the pkcs7 container. It only contains the following certificate “OpenXPKI CA-One SCEP RA 1” I have two questions: 1. What is wrong regarding the signature verfication error mentioned above? 2. Why don’t I get a real certificate back? I probably have to change something in the scep configuration. But I have no idea what? Much thanks in advance for your feedback! Greetings, Stefan Verzonden vanuit Mail<https://go.microsoft.com/fwlink/?LinkId=550986> voor Windows 10
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
