Hi Oliver,
Thank you for the feedback; however, changing the endpoint as you suggested 
did not make any difference (with or without appending "pkiclient"). I am still 
getting the same error, except that the scep log makes reference to 
"ep=generic", as seen below. Is there anything else I can try to resolve the 
problem?

sending scep request to 'http://localhost:8080/scep/generic/pkiclient'
sending request to 'http://localhost:8080/scep/generic/pkiclient?operation=PKIOperation'...
did not receive a valid SCEP response: HTTP 400


SCEP Log:
2025/02/06 02:25:16 ERR Request was rejected: I18N_OPENXPKI_UI_INVALID_PROFILE [pid=86|ep=generic]
2025/02/06 02:25:16 WAR Client error / malformed request: badRequest (internal code: 40006) [pid=86|ep=generic]

Is the SCEP enrollment command itself missing something, since I am getting 
"malformed request: badRequest"?

sudo bash -c 'pki --scep --debug 4 --url http://localhost:8080/scep/generic/pkiclient --outform pem --cacert-enc racert.pem --cacert-sig cacert-1.pem --cacert cacert.pem --in scep.key --san "myScepClient.test.org" --dn "C=CH, O=strongswan Project, CN=myScepClient.test.org" --interval 10 --maxpolltime 120 > scep.crt'

Thanks,
Ed


From: Oliver Welter <m...@oliwel.de>
Sent: Wednesday, February 5, 2025 3:14 AM
To: openxpki-users@lists.sourceforge.net
Subject: Re: [OpenXPKI-users] SCEP enrollment failure ( sending request to 
'http://localhost:8080/scep/pkiclient?operation=PKIOperation'... did not 
receive a valid SCEP response: HTTP 400)


Hello Ed,

OpenXPKI can serve multiple SCEP endpoints and therefore requires that you 
address them properly - the default configuration provides the endpoint named 
"generic", so please replace the SCEP URI with http://yourhost/scep/generic 
(you can leave the pkiclient at the end as this is stripped)

Oliver
On 05.02.25 00:16, Jean-Baptiste, Edwige via OpenXPKI-users wrote:
I am new to SCEP. I installed OpenXPKI following the installation guide, I ran 
the sampleconfig script. I am able to use the WebUI test platform to 
generate/enroll certificates. When I try to enroll a certificate using "pki 
--scep" from the Strongswan 5.9.13 package, I encounter an error. Can anyone 
help me figure this out?
Here are the steps I took until the failure from the client side. The first 
two commands succeeded. The full enrollment output is attached.

sudo openssl genrsa -out scep.key 2048

sudo pki --scepca --debug 3 --url http://localhost:8080/scep/pkiclient --outform pem --caout cacert --raout racert

sudo bash -c 'pki --scep --debug 4 --url http://localhost:8080/scep/pkiclient --outform pem --cacert-enc racert.pem --cacert-sig cacert-1.pem --cacert cacert.pem --in scep.key --san "myScepClient.test.org" --dn "C=CH, O=strongswan Project, CN=myScepClient.test.org" --interval 10 --maxpolltime 120 > scep.crt'
sending scep request to 'http://localhost:8080/scep/pkiclient'
sending request to 'http://localhost:8080/scep/pkiclient?operation=PKIOperation'...
did not receive a valid SCEP response: HTTP 400


SCEP Log:
2025/02/04 06:34:02 ERR Request was rejected: I18N_OPENXPKI_UI_INVALID_PROFILE [pid=86|ep=pkiclient]
2025/02/04 06:34:02 WAR Client error / malformed request: badRequest (internal code: 40006) [pid=86|ep=pkiclient]

Thanks,
Ed






_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

--

Protect your environment -  close windows and adopt a penguin!