[OpenXPKI-users] can't get SCEP to work, v3.24 Error executing SCEP command 'PKIOperation'

Thu, 17 Aug 2023 16:45:44 -0700 

I'm back at it…
I built a clean install of 3.24 (current on FreeBSD).

My first question is: is there any way to increase overall verbosity of the
logs? I saw a reference for an older version but wasn't sure if it was
still valid.
Secondly, anyone have any troubleshooting tips?

no matter what I do, I get this in the logs:

2023/08/17 16:29:04 openxpki.system.ERROR
I18N_OPENXPKI_CRYPTO_API_COMMAND_ILLEGAL_PARAM; __COMMAND_PATH__ => PKCS7,
__COMMAND__ => get_message_type [pid=96378|sid=wvGP]
2023/08/17 16:29:04 openxpki.system.ERROR Error executing SCEP command
'PKIOperation': I18N_OPENXPKI_CRYPTO_API_COMMAND_ILLEGAL_PARAM;
__COMMAND_PATH__ => PKCS7, __COMMAND__ => get_message_type
[pid=96378|sid=wvGP]
2023/08/17 16:32:13 openxpki.system.ERROR Error executing SCEP command
'PKIOperation': I18N_OPENXPKI_CRYPTO_API_COMMAND_ILLEGAL_PARAM;
__COMMAND_PATH__ => PKCS7, __COMMAND__ => get_message_type
[pid=96425|sid=wqxy]

I'm using sscep on a client:
sscep enroll \
-u http://scep.dzsec.net/scep/ \
-c ./cacert-0 \
-k /usr/local/etc/raddb/certs/yellowstone.dzsec.net.key \
-r /usr/local/etc/raddb/certs/yellowstone.dzsec.net.csr \
-l /usr/local/etc/raddb/certs/yellowstone.dzsec.net.crt \
-e ./cacert-1 \
-E des3 \
-H sha256 \
-V

(cert-0 is the scep cert and cert-1 is the CA… I've also tried a more
simple sscep command with just the CA and with just the scep cert. )

openxpkicli  get_token_info --arg alias=scep
{
   "key_name" :
"7A:0C:EE:B3:15:77:58:35:BF:82:1B:F0:13:44:BB:F5:53:50:D3:0C",
   "key_secret" : 1,
   "key_store" : "DATAPOOL",
   "key_usable" : 1
}

In crypto.yml:

  scep:
    inherit: default
    backend: OpenXPKI::Crypto::Tool::SCEP
    key_store: DATAPOOL
    key: "[% KEY_IDENTIFIER %]"
    secret: dzsecsec


scep/default.conf:

[global]
socket=/var/openxpki/openxpki.socket
realm=dzsec
servername=generic
service=SCEP
iprange=0.0.0.0/0
log_config = /usr/local/etc/openxpki/scep/log.conf
log_facility = client.scep
#encryption_algorithm=aes192
#hash_algorithm=SHA256
encryption_algorithm=3DES
hash_algorithm=SHA256


[logger]
log_level = TRACE

[auth]
stack=_System
[PKIOperation]
param = signature

_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users






















					Reply via email to