Re: [OpenXPKI-users] SCEP enrollment failure ( sending request to 'http://localhost:8080/scep/pkiclient?operation=PKIOperation'... did not receive a valid SCEP response: HTTP 400)

Wed, 05 Feb 2025 00:15:17 -0800 

Hello Ed,
OpenXPKI can serve multiple SCEP endpoints and therefore requires that you address them properly - the default configuration provides the endpoint named "generic", so please replace the SCEP URI with http://yourhost/scep/generic (you can leave the pkiclient at the end as this is stripped) 

Oliver

On 05.02.25 00:16, Jean-Baptiste, Edwige via OpenXPKI-users wrote:



I am new to SCEP. I installed OpenXPKI following the installation 
guide, I ran the sampleconfig script. I am able to use the WebUI test 
platform to generate/enroll certificates. When I try to enroll a 
certificate using "pki --scep" from the Strongswan 5.9.13 package, I 
encounter an error. Can anyone help me figure this out?



Here are the steps I took until the the failure from the client side. 
The first two commands succeeded. The full enrollment output is attached.


sudo openssl genrsa -out scep.key 2048


sudo pki --scepca --debug 3 --url 
http://localhost:8080/scep/pkiclient --outform pem --caout cacert 
--raout racert



sudo bash -c 'pki --scep --debug 4 --url 
http://localhost:8080/scep/pkiclient --outform pem --cacert-enc 
racert.pem --cacert-sig cacert-1.pem --cacert cacert.pem --in scep.key 
--san "myScepClient.test.org" --dn "C=CH, O=strongswan Project, 
CN=myScepClient.test.org" --interval 10 --maxpolltime 120 > scep.crt'


sending scep request to 'http://localhost:8080/scep/pkiclient'

sending request to 
'http://localhost:8080/scep/pkiclient?operation=PKIOperation'...

did not receive a valid SCEP response: HTTP 400

SCEP Log:


2025/02/04 06:34:02 ERR Request was rejected: 
I18N_OPENXPKI_UI_INVALID_PROFILE [pid=86|ep=pkiclient]
2025/02/04 06:34:02 WAR Client error / malformed request: badRequest 
(internal code: 40006) [pid=86|ep=pkiclient]


Thanks,

Ed



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users


--
Protect your environment -  close windows and adopt a penguin!

_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users






















					Reply via email to