I am new to SCEP. I installed OpenXPKI following the installation guide, I ran the sampleconfig script. I am able to use the WebUI test platform to generate/enroll certificates. When I try to enroll a certificate using "pki --scep" from the Strongswan 5.9.13 package, I encounter an error. Can anyone help me figure this out? Here are the steps I took until the the failure from the client side. The first two commands succeeded. The full enrollment output is attached.
sudo openssl genrsa -out scep.key 2048 sudo pki --scepca --debug 3 --url http://localhost:8080/scep/pkiclient --outform pem --caout cacert --raout racert sudo bash -c 'pki --scep --debug 4 --url http://localhost:8080/scep/pkiclient --outform pem --cacert-enc racert.pem --cacert-sig cacert-1.pem --cacert cacert.pem --in scep.key --san "myScepClient.test.org" --dn "C=CH, O=strongswan Project, CN=myScepClient.test.org" --interval 10 --maxpolltime 120 > scep.crt' sending scep request to 'http://localhost:8080/scep/pkiclient' sending request to 'http://localhost:8080/scep/pkiclient?operation=PKIOperation'... did not receive a valid SCEP response: HTTP 400 SCEP Log: 2025/02/04 06:34:02 ERR Request was rejected: I18N_OPENXPKI_UI_INVALID_PROFILE [pid=86|ep=pkiclient] 2025/02/04 06:34:02 WAR Client error / malformed request: badRequest (internal code: 40006) [pid=86|ep=pkiclient] Thanks, Ed
pki_scep.log
Description: pki_scep.log
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
