Re: [OpenXPKI-users] SSCEP and OpenKPKI Demosite

Thu, 08 Aug 2024 08:02:45 -0700 

Am 08.08.24 um 09:56 schrieb Martin Bartosch:

Hi,


I tried scep getcrl against the demosite but it didn't work:
abc.crt and abc.key have been generated on demo.openxpki.org beforehand.
root@pki:~/sscep-0.10.0# openssl x509 -noout -subject -in CA.pem-0
subject=CN = oxi-ce-demo.rackport.net:scep-ra
root@pki:~/sscep-0.10.0# ./sscep getcrl -u http://demo.openxpki.org/scep/test 
-c CA.pem-0 -l abc.crt -w bla -k abc.key -v



I guess, "Unable to serialize HASH" is the real issue. Any hints what went 
wrong?


On our demo.openxpki.org <http://demo.openxpki.org/> the SCEP server is 
configured to listen at http://demo.openxpki.org/scep/generic. The same is true for 
an unmodified setup from our community config repository.



Uh, stupid mistake of mine, sorry, I warned you, I may ask stupid questions ;-)

Unfortunately I get the same response from http://demo.openxpki.org/scep/generic

$ ./sscep getcrl -u http://demo.openxpki.org/scep/generic -c CA-0 -l 
sceptest1.crt -w bla -k sceptest1.key -v
./sscep: starting sscep, version 0.10.0
./sscep: new transaction
./sscep: transaction id: SSCEP transactionId
./sscep: hostname: demo.openxpki.org
./sscep: directory: scep/generic
./sscep: port: 80
./sscep: SCEP_OPERATION_GETCAPS
./sscep: connecting to demo.openxpki.org:80
./sscep: server response status code: 200, MIME header: text/plain
Renewal
POSTPKIOperation
SHA-512
SHA-384
SHA-256
SHA-224
SHA-1
DES3
AES
./sscep: SCEP_OPERATION_GETCRL
./sscep: requesting crl
./sscep: request data dump
./sscep: data payload size: 69 bytes
./sscep: successfully encrypted payload
./sscep: envelope size: 682 bytes
./sscep: creating outer PKCS#7
./sscep: PKCS#7 data written successfully
./sscep: payload size: 3154 bytes
./sscep: connecting to demo.openxpki.org:80
./sscep: server response status code: 500, MIME header: text/html
./sscep: wrong (or missing) MIME content type
./sscep: error while sending message

==> /var/log/openxpki/scep.log <==
2024/08/08 15:30:26 ERR Unexpected response from backend [pid=21283|ep=generic]

I get 500 as response for getcrl, getnextca, getcert, but getca and enroll work!

Any more ideas? getca and enroll are the the most needed functions, but it 
would be great if the remaining functions would work too.


Best,
-ap



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Reply via email to