Here's the key:

*OpenSSL error: Could not read private key*


How did you create the key? What's in your scep.yaml and crypto.yaml? What
does OpenXPKI expect?




On Mon, Nov 27, 2023 at 3:03 PM, Petri Dániel <petri.dan...@prolan-power.hu>
wrote:

> Any ideas?
>
>
> -------- Forwarded message --------
> Subject: scep enroll failure
> Date: Thu, 16 Nov 2023 21:32:04 +0100
> From: Petri Dániel <petri.dan...@prolan-power.hu>
> To: OpenXpki <openxpki-users@lists.sourceforge.net>
>
> Dear Users,
>
>
> When I try to enroll a cert with sscep, I get
>
> sscep: successfully encrypted payload
> sscep: envelope size: 1246 bytes
> sscep: creating outer PKCS#7
> sscep: PKCS#7 data written successfully
> sscep: payload size: 2630 bytes
> sscep: connecting to localhost:8080
> *sscep: server response status code: 500, MIME header: text/html*
> sscep: wrong (or missing) MIME content type
> sscep: error while sending message
>
> *sscep getca works, I get 3 ca-cert files.*
>
> openxpki.log shows
>
> 2023/11/16 21:23:11 INFO Login successful (user: Anonymous, role: System)
> [pid=147|sid=jAHL]
> 2023/11/16 21:23:11 INFO Login successful (user: Anonymous, role: System)
> [pid=148|sid=kQij]
> 2023/11/16 21:23:11 *ERROR OpenSSL error: Could not read private key from
> /var/tmp/openxpki148QvSRMnBh/EE:3D:CC:AF:82:F6:FF:78:90:D8:76:0E:65:99:CC:DE:B3:A2:AF:6F*
> 40D7C139227F0000:error:1608010C:STORE
> routines:ossl_store_handle_load_result:unsupported:../crypto/store/store_result.c:151:
> 40D7C139227F0000:error:1C800064:Provider
> routines:ossl_cipher_unpadblock:bad
> decrypt:../providers/implementations/ciphers/ciphercommon_block.c:124:
> 40D7C139227F0000:error:11800074:PKCS12 routines:PKCS12_pbe_crypt_ex:pkcs12
> cipherfinal error:../crypto/pkcs12/p12_decr.c:86:maybe wrong password
> pkeyutl: Error initializing context
>  [pid=148|user=Anonymous|role=System|sid=kQij]
> 2023/11/16 21:23:11 ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED;
> __COMMAND__ => pkeyutl -decrypt -inkey
> /var/tmp/openxpki148QvSRMnBh/EE:3D:CC:AF:82:F6:FF:78:90:D8:76:0E:65:99:CC:DE:B3:A2:AF:6F
> -in /var/tmp/openxpki148HN3vrxqD -out /var/tmp/openxpki148O0umHE5Y -passin
> env:pwd, __EXIT_STATUS__ => 256
> [pid=148|user=Anonymous|role=System|sid=kQij]
> 2023/11/16 21:23:11 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED;
> __COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::decrypt_digest,
> __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ =>
> pkeyutl -decrypt -inkey
> /var/tmp/openxpki148QvSRMnBh/EE:3D:CC:AF:82:F6:FF:78:90:D8:76:0E:65:99:CC:DE:B3:A2:AF:6F
> -in /var/tmp/openxpki148HN3vrxqD -out /var/tmp/openxpki148O0umHE5Y -passin
> env:pwd, __EXIT_STATUS__ => 256
> [pid=148|user=Anonymous|role=System|sid=kQij]
>
> *This is how I set up my local openxpki:*
>
> git clone https://github.com/openxpki/openxpki-docker.git
> cd openxpki-docker
> make compose
> docker exec -it openxpki_openxpki-server_1 sh -c /etc/openxpki/contrib/sampleconfig.sh
>
> config.d/realm.tpl/scep/generic.yaml is the original.
>
> *This is how I executed sscep:*
>
> openssl genrsa -out ${workdir}/client-key.pem 2048
> openssl req -new -key ${workdir}/client-key.pem -out ${workdir}/client-csr.pem -config certreq.conf
> sscep enroll -u http://localhost:8080/scep/scep \
>     -v \
>     -k ${workdir}/client-key.pem -r ${workdir}/client-csr.pem \
>     -c ${workdir}/ca-certs.pem-0 \
>     -l ${workdir}/client-cert.pem \
>     -t 10 -n 1
>
> *certreq.conf content is:*
>
> [ req ]
> prompt = no
> distinguished_name = req_distinguished_name
> attributes = req_attributes
> [ req_attributes ]
> challengePassword=SecretChallenge
> [ req_distinguished_name ]
> CN=epp1_https
>
>
> *What is wrong here? What else needs to be set up?*
>
>
> Regards,
>
> Daniel
>
> _______________________________________________
> OpenXPKI-users mailing list
> OpenXPKI-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
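
An added example, not part of the original thread and not OpenXPKI code: a small Python parser for the OpenSSL error-queue lines quoted in the post. It re-joins entries that a mail client has wrapped and picks out the `bad decrypt` / `maybe wrong password` entries behind "Could not read private key"; the labels returned by `diagnose` are this example's own heuristic naming.

```python
import re

# OpenSSL 3.x error-queue entry:
#   thread:error:code:library:function:reason:file:line:data
ENTRY = re.compile(
    r"(?P<tid>[0-9A-F]+):error:(?P<code>[0-9A-F]{8}):(?P<lib>[^:]+):"
    r"(?P<func>[^:]+):(?P<reason>[^:]+):(?P<file>[^:\s]+):(?P<line>\d+):"
    r"(?P<data>.*)$"
)
START = re.compile(r"[0-9A-F]+:error:[0-9A-F]{8}:")

# Sample input: the three error-queue entries quoted in the post, wrapped
# and ">"-quoted the way a mail client delivers them.
SAMPLE = """\
> 40D7C139227F0000:error:1608010C:STORE
> routines:ossl_store_handle_load_result:unsupported:../crypto/store/store_result.c:151:
> 40D7C139227F0000:error:1C800064:Provider
> routines:ossl_cipher_unpadblock:bad
> decrypt:../providers/implementations/ciphers/ciphercommon_block.c:124:
> 40D7C139227F0000:error:11800074:PKCS12 routines:PKCS12_pbe_crypt_ex:pkcs12
> cipherfinal error:../crypto/pkcs12/p12_decr.c:86:maybe wrong password
> pkeyutl: Error initializing context
"""

def parse_error_queue(text):
    """Re-join wrapped entries and return one dict per error-queue entry."""
    records = []
    for raw in text.splitlines():
        line = raw.lstrip("> ").rstrip()
        if START.match(line):
            records.append(line)             # a new entry begins
        elif records and not ENTRY.match(records[-1]):
            records[-1] += " " + line        # continuation of a wrapped entry
    return [m.groupdict() for m in map(ENTRY.match, records) if m]

def diagnose(entries):
    """Heuristic label (this example's own naming) for a key-load failure."""
    reasons = {e["reason"] for e in entries}
    hints = " ".join(e["data"] for e in entries)
    if "bad decrypt" in reasons or "maybe wrong password" in hints:
        return "passphrase-mismatch"         # passphrase did not decrypt the key
    if "unsupported" in reasons:
        return "unreadable-key-format"       # no decoder accepted the file
    return "unknown"

if __name__ == "__main__":
    for e in parse_error_queue(SAMPLE):
        print(e["lib"], "|", e["reason"], "|", e["data"])
    print(diagnose(parse_error_queue(SAMPLE)))
```
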