Hello

I'm having trouble requesting certificates using the SCEP interface. Our Cisco routers are configured to generate a CSR that looks like this:

    unstructuredName=hostname.fqdn+unstructuredAddress=10.20.30.40,OU=VPN

This was working fine for quite some time and I've contributed some patches to OpenXPKI to make those attributes work. Now we're facing a problem that the SCEP server doesn't correctly translate those OIDs back to readable names.

Our Enroll Profile Subject is set to:

    subject:
        dn: unstructuredName=[% UNSTRUCTUREDNAME.0 %]+unstructuredAddress=[% UNSTRUCTUREDADDRESS.0 %],OU=VPN

In the workflow context I see that the request has failed due to an invalid subject:

    unstructuredName=+unstructuredAddress=,OU=VPN

While the csr_subject correctly states 1.2.840.......=hostname.fqdn+1.2.840......=10.20.30.40,OU=VPN

To make things more confusing: if we do a manual enrollment on the router and upload the correct/same CSR file via the WebUI, everything gets parsed and built correctly. So there must be something strange happening in the SCEP request parser.

Btw, I had the issue with the LibSCEP backend. Then I switched to the newer 3.18+ SCEP Server backend, but the issue is still present (invalid subject with every SCEP request).

Maybe somebody has an idea.


--
Best regards
Daniel Hoffend


_______________________________________________
OpenXPKI-users mailing list
https://lists.sourceforge.net/lists/listinfo/openxpki-users