Dear Users,

When I try to enroll a cert with sscep, I get

sscep: successfully encrypted payload
sscep: envelope size: 1246 bytes
sscep: creating outer PKCS#7
sscep: PKCS#7 data written successfully
sscep: payload size: 2630 bytes
sscep: connecting to localhost:8080
*sscep: server response status code: 500, MIME header: text/html*
sscep: wrong (or missing) MIME content type
sscep: error while sending message

*sscep getca works, I get 3 ca-cert files.*

openxpki.log shows

2023/11/16 21:23:11 INFO Login successful (user: Anonymous, role: System) [pid=147|sid=jAHL]
2023/11/16 21:23:11 INFO Login successful (user: Anonymous, role: System) [pid=148|sid=kQij]
2023/11/16 21:23:11 *ERROR OpenSSL error: Could not read private key from /var/tmp/openxpki148QvSRMnBh/EE:3D:CC:AF:82:F6:FF:78:90:D8:76:0E:65:99:CC:DE:B3:A2:AF:6F*
40D7C139227F0000:error:1608010C:STORE routines:ossl_store_handle_load_result:unsupported:../crypto/store/store_result.c:151:
40D7C139227F0000:error:1C800064:Provider routines:ossl_cipher_unpadblock:bad decrypt:../providers/implementations/ciphers/ciphercommon_block.c:124:
40D7C139227F0000:error:11800074:PKCS12 routines:PKCS12_pbe_crypt_ex:pkcs12 cipherfinal error:../crypto/pkcs12/p12_decr.c:86:maybe wrong password
pkeyutl: Error initializing context
 [pid=148|user=Anonymous|role=System|sid=kQij]
2023/11/16 21:23:11 ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => pkeyutl -decrypt -inkey /var/tmp/openxpki148QvSRMnBh/EE:3D:CC:AF:82:F6:FF:78:90:D8:76:0E:65:99:CC:DE:B3:A2:AF:6F -in /var/tmp/openxpki148HN3vrxqD -out /var/tmp/openxpki148O0umHE5Y -passin env:pwd, __EXIT_STATUS__ => 256 [pid=148|user=Anonymous|role=System|sid=kQij]
2023/11/16 21:23:11 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::decrypt_digest, __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => pkeyutl -decrypt -inkey /var/tmp/openxpki148QvSRMnBh/EE:3D:CC:AF:82:F6:FF:78:90:D8:76:0E:65:99:CC:DE:B3:A2:AF:6F -in /var/tmp/openxpki148HN3vrxqD -out /var/tmp/openxpki148O0umHE5Y -passin env:pwd, __EXIT_STATUS__ => 256 [pid=148|user=Anonymous|role=System|sid=kQij]

*This is how I set up my local openxpki:*

git clone https://github.com/openxpki/openxpki-docker.git
cd openxpki-docker
make compose
docker exec -it openxpki_openxpki-server_1 sh -c /etc/openxpki/contrib/sampleconfig.sh

config.d/realm.tpl/scep/generic.yaml is the original.

*This is how I executed sscep:*

openssl genrsa -out ${workdir}/client-key.pem 2048
openssl req -new -key ${workdir}/client-key.pem -out ${workdir}/client-csr.pem -config certreq.conf
sscep enroll -u http://localhost:8080/scep/scep \
    -v \
    -k ${workdir}/client-key.pem -r ${workdir}/client-csr.pem \
    -c ${workdir}/ca-certs.pem-0 \
    -l ${workdir}/client-cert.pem \
    -t 10 -n 1

*certreq.conf content is:*

[ req ]
prompt = no
distinguished_name = req_distinguished_name
attributes = req_attributes
[ req_attributes ]
challengePassword=SecretChallenge
[ req_distinguished_name ]
CN=epp1_https


*What is wrong here? What else needs to be set up?*


Regards,

Daniel
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
