Bonjour, we have created a SCEP profile for auto-enrollment of Teradici PCoIP thin clients.but enrollment doesn't succeed. PKCS10 Certificate Request:Version: 1Subject: CN=pcoip-portal-0b132eb00000 Name Hash(sha1): b7c979722597e2a7d9182c55731e83f1b265f77f Name Hash(md5): f051c5aa753d662e06358f2ac50cb304 Public Key Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.1 RSA Algorithm Parameters: 05 00Public Key Length: 2048 bitsPublic Key: UnusedBits = 0 XXXXXXXXXXXXXXXXXXXXRequest Attributes: 2 2 attributes: Attribute[0]: 1.2.840.113549.1.9.7 (Challenge Password) Value[0][0], Length = 11 SecretChallenge Attribute[1]: 1.2.840.113549.1.9.14 (Certificate Extensions) Value[1][0], Length = 3bCertificate Extensions: 2 2.5.29.15: Flags = 1(Critical), Length = 4 Key Usage Digital Signature, Key Encipherment (a0) 2.5.29.17: Flags = 0, Length = 20 Subject Alternative Name Other Name: Principal Name=0b132eb00000 Signature Algorithm: Algorithm ObjectId: 1.2.840.113549.1.1.5 sha1RSA Algorithm Parameters: 05 00Signature: UnusedBits=0 XXXXXXXXXXXXXXXXXXXXXXXXX Openxpki --> workflow.log 2023/03/01 11:44:15 131839 Rendering subject: CN=pcoip-portal-0b132eb000002023/03/01 11:44:15 131839 Trusted Signer chain - certificate is self signed2023/03/01 11:44:15 131839 Trusted Signer not found in trust list (CN=pcoip-portal-0b132eb00000).2023/03/01 11:44:15 131839 validate challenge using compare validated2023/03/01 11:44:15 131839 Policy subject duplicate check failed, found certs Q0M7fsb2PbDUKeLIfU_Ul301Fak2023/03/01 11:44:15 131839 Eligibility check for scep.generic.eligible.initial failed2023/03/01 11:44:15 131839 persisted csr for CN=pcoip-portal-0b132eb00000 with csr_serial 494072023/03/01 11:44:15 131839 start cert issue for serial 49407, workflow 1318392023/03/01 11:44:16 131839 Certificate CN=pcoip-portal-0b132eb00000 (1610317443536843212909183) issued by ca-signer-12023/03/01 11:44:16 131839 Trigger notification message enroll_cert_issued2023/03/01 11:44:16 131839 Revocation workflow #132095 reason_code => superseded,flag_auto_approval => 1,cert_identifier => Q0M7fsb2PbDUKeLIfU_Ul301Fak,flag_batch_mode => 12023/03/01 11:44:16 132095 start cert revocation for identifier Q0M7fsb2PbDUKeLIfU_Ul301Fak, workflow 132095
Openxpki --> scep.log 2023/03/01 11:44:10 INF SCEP handler initialized [pid=1573]2023/03/01 11:44:12 INF 40002 [pid=1573]2023/03/01 11:44:12 WAR Client error / malformed request badRequest [pid=1573]2023/03/01 11:44:12 INF Disconnect client [pid=1573]2023/03/01 11:44:16 INF Disconnect client [pid=1573] Terradici PCoIP Log MGMT_SCEP:service_scep_certificates_request: Initiating SCEP certificate request0d,00:02:33.71> LVL:1 RC: -7603 X509_UTIL:get_subject: CA_MGMT_extractCertDistinguishedName failed0d,00:02:33.71> LVL:1 RC:-510 X509_UTIL:get_subject() failed!0d,00:02:33.71> LVL:1 RC:-500 MGMT_SCEP:mgmt_scep_handle_scep_success: ERROR failed to decode the certificate0d,00:02:34.34> LVL:1 RC:-500 MGMT_SCEP:mgmt_scep_request_certificates: Failed to retrieve client certificate0d,00:02:34.34> LVL:2 RC: 0 MGMT_SCEP:service_scep_certificates_request: SCEP certificate request unsuccessful - error: -500
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
