Hi Oliver, I called both "Issue a certificate revocation list (CRL)" as well as "Publish CA/CRL" and I can see the list under "Show Revocation Lists (CRL)". Just the SCEP doesn't return anything.
I am using the Jarkko Turkulainen's sscep 0.7.0 with some of the pull requests applied. https://github.com/certnanny/sscep Petr -----Original Message----- From: Oliver Welter [mailto:[email protected]] Sent: Saturday, June 27, 2020 1:59 PM To: [email protected] Subject: Re: [OpenXPKI-users] Failure when obtaining CRL via SCEP Hi Petr, did you generate a CRL on the PKI already? The default wokrflows of OpenXPKI do not create a CRL when a certificate is revoked - usually you create a cronjob/timer to trigger the CRL creation once a day so its likely that there is no CRL at all. If this is not the case, what SCEP client are you using? As GetCRL via SCEP is a very rarely used feature we have seen several clients not implementing this right so the request send to the server is no what OpenXPKI expects. Oliver Am 26.06.20 um 19:59 schrieb Petr Gotthard: > Hello, > > I successfully enrolled a certificate via SCEP. Then I enrolled another > one with the same subject, so I got another certificate and the first > got revoked. So far so good. > > I can see the revoked certificate on the website, but I have troubles > obtaining the CRL via SCEP: I am sending the getcrl request using the > newly enrolled key/cert, using the same CA certificate I used for > enrollment, but I am getting pkistatus FAILURE, indicating "No > certificate could be identified matching". The server logs show no error > (as far as I found). > > Do you please have any hints what could be wrong? I am using the > certificate I just enrolled from the same CA, why does it say there is > none matching? > > Am I supposed to retrieve the entire CRL, including the entries matching > my own subject, or is there some filtering done? > > Kind Regards, > > Petr _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
