Hi Mark,
first of all - sampleconfig already sets up the cli connection and also
adds a SCEP certificate, does this work for you?
What format is your SCEP key? Currently only RSA is supported and I had
some issues in the past with encrypted key - so if you can perhaps share
the command you used to generate this it might help tracking this down.
You might try to import only the cert without the key (will not work
afterwards but sheds some light on the root cause).
Please check the logs of the server after trying the import - the
"unable to decode message" sounds like something in the server throws an
exception.
Oliver
On 28.08.25 18:00, Mark via OpenXPKI-users wrote:
I have built OpenXPKI Community Edition v3.32.8 on Debian 12.11 using
the demo configuration (sampleconfig.sh). It is running and issuing
certificates from externally-generated CSRs.
I wish to enable the SCEP Server so, following the instructions in the
Quickstart guide, I have generated a 'TLS/Web Server' certificate in
the 'Open Source Trustcenter', then exported the certificate and
private key then placed in scep.crt and scep.key. I created a key pair
for the client using the 'oxi cli create' and placed these in the
'~/.oxi/client.key' and 'config.d/system/cli.yaml' files, taking care
that the yaml syntax is valid. When I try and register the scep token
with the 'oki token add --real democa --type scep --cert scep.crt
--key scep.key' command, I am getting an 'Unable to decode' message.
Can you provide some guidance on how to fix this issue ( I have
attempted several times already ).
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
