Hi Oliver,

Thank you for your reply. The situation has changed a bit: after pushing a new 
certificate chain (root, certsign, scep), the enrollment now goes further. And 
now I get an error that seems to be similar to Jairo R. Mejia Aponte's post: 
https://sourceforge.net/p/openxpki/mailman/message/58788506/
I saw your answer in this post, and I tried to change the URL (../scep/generic), 
but the result is the same: I got an invalid profile.

Best regards
Eddy

SSCEP logs:
sscep enroll -u http://192.168.1.153:80/scep/generic -v -d -k local.key -r local.csr -l local.crt -c pki2.crt-0
sscep: PKCS#7 contains 0 bytes of enveloped data
sscep: verifying signature
sscep: signature ok
sscep: finding signed attributes
sscep: finding attribute transId
sscep: allocating 32 bytes for attribute
sscep: reply transaction id: 65950E20937C5635E1D2F510E19985E9
sscep: finding attribute messageType
sscep: allocating 1 bytes for attribute
sscep: reply message type is good
sscep: finding attribute senderNonce
sscep: allocating 16 bytes for attribute
sscep: senderNonce in reply: 4D3889B2BF799BBFE1FCB54F90477B00
sscep: finding attribute recipientNonce
sscep: allocating 16 bytes for attribute
sscep: recipientNonce in reply: C68880C978F23DDFA9AC7947142D9E1F
sscep: finding attribute pkiStatus
sscep: allocating 1 bytes for attribute
sscep: pkistatus: FAILURE
sscep: finding attribute failInfo
sscep: allocating 1 bytes for attribute
sscep: reason: Transaction not permitted or supported

OpenXPKI logs:

==> /var/log/openxpki/openxpki.log <==
2024/06/26 05:24:33 INFO Login successful (user: Anonymous, role: System) [pid=4071|sid=BX+t|pki_realm=democa]

==> /var/log/openxpki/catchall.log <==
2024/06/26 05:24:33 openxpki.auth.INFO Login successful (user: Anonymous, role: System) [pid=4071|sid=BX+t|pki_realm=democa]

==> /var/log/openxpki/openxpki.log <==
2024/06/26 05:24:33 INFO Login successful (user: Anonymous, role: System) [pid=4072|sid=U4NR|pki_realm=democa]

==> /var/log/openxpki/catchall.log <==
2024/06/26 05:24:33 openxpki.auth.INFO Login successful (user: Anonymous, role: System) [pid=4072|sid=U4NR|pki_realm=democa]

==> /var/log/openxpki/scep.log <==
2024/06/26 05:24:33 ERR Request was rejected: I18N_OPENXPKI_UI_INVALID_PROFILE [pid=3930|ep=generic]
2024/06/26 05:24:33 WAR Client error / malformed request: badRequest (internal code: 40006) [pid=3930|ep=generic]

CSR:

Certificate Request:
    Data:
        Version: 1 (0x0)
        Subject: CN=PetitPoucet, C=FR, O=SE, OU=RnD
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                Public-Key: (4096 bit)
                Modulus:
                    00:a3:f5:ca:b3:b2:e0:56:6b:a9:96:c5:b6:40:fa:
                    3b:a9:4a:...
                Exponent: 65537 (0x10001)
        Attributes:
            challengePassword        :SecretChallenge
            Requested Extensions:
                X509v3 Key Usage:
                    Digital Signature, Key Encipherment
                X509v3 Extended Key Usage:
                    TLS Web Server Authentication, TLS Web Client Authentication
    Signature Algorithm: sha256WithRSAEncryption
    Signature Value:
        5d:b3:a8:75:b1:df:8c:c1:6f:e9:a1:cd:c9:69:42:3b:7d:31:
        57:8d:02:f8:...




________________________________
From: Oliver Welter <m...@oliwel.de>
Sent: Wednesday, 26 June 2024 07:32
To: openxpki-users@lists.sourceforge.net <openxpki-users@lists.sourceforge.net>
Subject: Re: [OpenXPKI-users] [SCEP] HTTP Error 500 with OpenXpki v3.30.3





Hi Eddy,


it works here for me on our demo without any problems, do you have any 
specialities in the CSR? What's in the logs?


Oliver



On 23.06.24 21:30, Eddy BODIN via OpenXPKI-users wrote:
Hello,

I have just performed a new installation of OpenXPKI v.30.3 with the APT 
mechanism on my Debian 12.5.0 virtual machine but when I try to enroll with 
SSCEP v0.10.0 (SSCEP is on another Debian 12.5.0 VM - also newly installed), I 
get an HTTP 500 error code from OpenXPKI. Should I add a new argument to SSCEP 
for enrollment?

PS: To install OpenXPKI, I used the quick start documentation and the 
sampleconfig.sh script. The only file I configured was 
/etc/openxpki/config.d/system/database.yaml to type: MariaDB2

root@debian:~/sscep-master/001# sscep enroll -u http://192.168.1.112/scep/scep -c pki.crt-0 -k local.key -r local.csr -l local.crt -d
sscep: starting sscep, version 0.10.0
sscep: new transaction
sscep: transaction id: D41D8CD98F00B204E9800998ECF8427E
sscep: hostname: 192.168.1.112
sscep: directory: scep/scep
sscep: port: 80
sscep: SCEP_OPERATION_GETCAPS
sscep: scep request:
...
sscep: connecting to 192.168.1.112:80
sscep: server response status code: 500, MIME header: text/html
sscep: wrong (or missing) MIME content type
sscep: error while sending message
root@debian:~/sscep-master/001#

PS: sscep getca works well

Best Regards
Eddy






_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users


--
Protect your environment -  close windows and adopt a penguin!
