Re: [OpenXPKI-users] scep: pkcs7 signature verification error

Tue, 25 Jun 2019 23:05:42 -0700 

Hi Stefan,


> /./sscep_dyn enroll -d -c ca.crt-1 -r testcsr.csr -u
> http://127.0.0.1/scep -l testcert.crt -k privatekey.key/

If you use the default setup with "getca" the RA Certificate to be used
to send the SCEP request is "ca.crt-0". Using the wrong certificate
makes it impossible for the server to unwrap the request  - I just
wonder that you get a HTTP 200 back with, usually you get a Server error
or bad request - can you have a look at the server logs.

Oliver


>  
> 
> I get a HTTP 200 OK message back containing a pkcs7 container
> 
> But, I also get the following error message:
> 
> /./sscep_dyn: PKCS#7 contains 0 bytes of enveloped data/
> 
> /./sscep_dyn: verifying signature/
> 
> /./sscep_dyn: error verifying signature/
> 
> /139950625191568:error:0407006A:rsa
> routines:RSA_padding_check_PKCS1_type_1:block type is not 01:rsa_pk1.c:103:/
> 
> /139950625191568:error:04067072:rsa
> routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed:rsa_eay.c:705:/
> 
> /139950625191568:error:21071069:PKCS7
> routines:PKCS7_signatureVerify:signature failure:pk7_doit.c:1137:/
> 
>  
> 
> Further, I checked the contents of the pkcs7 container. It only contains
> the following certificate /“OpenXPKI CA-One SCEP RA  1”/
> 
> / /
> 
> I have two questions:
> 
>  1. What is wrong regarding the signature verfication error mentioned above?
>  2. Why don’t I get a real certificate back? I probably have to change
>     something in the scep configuration. But I have no idea what?
> 
>  
> 
> Much thanks in advance for your feedback!
> 
>  
> 
>  
> 
> Greetings,
> 
> Stefan
> 
>  
> 
> Verzonden vanuit Mail <https://go.microsoft.com/fwlink/?LinkId=550986>
> voor Windows 10
> 
>  
> 
> 
> 
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
> 


-- 
Protect your environment -  close windows and adopt a penguin!

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users






















					Reply via email to