Hey OpenXPKI friends, I've been struggling with SCEP and could use some help. I have SCEP set up using the default config. When I use sscep, I can get the capabilities and get the CA certs. sscep downloads 3 certs (the SCEP cert, the CA cert, and the root cert). I have fullchain set in the config, so that seems correct.
On Apple devices, I'm attempting to install a profile. On OpenXPKI, the logs show the Apple devices trying to get the CA. The server sends the certs. And then the Apple devices fail. Specifically, Apple devices return: errSecCertificateCannotOperate (which is error: -67817).

I've tried capturing the exact URL queries from the webserver's access logs. When I paste them into a browser, it downloads a file called "untitled". When I examine untitled with OpenSSL, I can see that it is a pkcs7 bundle of the three certs. Could it be as simple as needing a better filename like untitled.p7? And, if so, where would I set that in OpenXPKI's config files? I didn't see anything in the scep or enrollment files. Or might this be a different issue?

Does anyone have experience with Apple devices and OpenXPKI's SCEP implementation? Any tips or tricks? Thanks!
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users