Hi Oliver, thank you very much for your support. I just pulled the CertNanny sscep-client directly from the github repository again and built it with autoconf. And now it works. I can create a certificate enrollment request which automatically waits until I approve it and after that the certificate is written to the out-file accordingly.
Regards and enjoy your sunday, Daniel Am 15.03.20 um 08:53 schrieb Oliver Welter: > F'up: decrypting the PKCS7 shows that there is plain text inside (this > should be a DER encoded PKCS10 request!) > > openssl smime -inform pem -in innerbad.p7 -inkey ra.key -decrypt > Enter pass phrase for ra.key: > PKCS7_ISSUER_AND_SUBJECT: > subject: C=DE, ST=Hessen, L=MyCity, O=My Company, OU=Infrastructure, > CN=testclient01 > issuer: CN=oxidemo.rackport.net:scep-ra > > We might need some better error handling in OXI but the root cause is > that sscep sends a broken request. > > Oli > > Am 15.03.20 um 08:37 schrieb Oliver Welter: >> Hi Daniel, >> >> thank you for the logs - after anlysing them it looks like the sscep >> binary creates an empty payload. >> >> Your request: >> >> 661:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data >> 672:d=4 hl=2 l= 17 cons: SEQUENCE >> 674:d=5 hl=2 l= 5 prim: OBJECT :des-cbc >> 681:d=5 hl=2 l= 8 prim: OCTET STRING [HEX >> DUMP]:712A21119E349AE6 >> 691:d=4 hl=3 l= 160 prim: cont [ 0 ] >> >> My request: >> >> 658:d=3 hl=4 l=1250 cons: SEQUENCE >> 662:d=4 hl=2 l= 9 prim: OBJECT :pkcs7-data >> 673:d=4 hl=2 l= 17 cons: SEQUENCE >> 675:d=5 hl=2 l= 5 prim: OBJECT :des-cbc >> 682:d=5 hl=2 l= 8 prim: OCTET STRING [HEX >> DUMP]:FACD1286CEAF27E8 >> 692:d=4 hl=4 l=1216 prim: cont [ 0 ] >> >> Oliver > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
