Hi Fabrice, Thanks for the reply, yes certmonger seems to allow what sscep was used for with "getcert add-scep-ca" command.
You can have read here : https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system-level_authentication_guide/certmonger-scep Although at the moment I have no way to confirm it gonna work as it appears that NDES configuration is not full working at my work place. Will send an update when the admin will have time to look at it today or tomorrow. Regards Richard On Wed, Aug 14, 2019 at 9:03 PM Durand fabrice <fdur...@inverse.ca> wrote: > Hello Richard, > > i will take a look in the repo to check if sscep is the correct package. > (Attached the version built for stretch you can try). > > Also i am on the support of debian buster and i need to find an > alternative to sscep (i am not able to build it because of the openssl > version with asn1 deprecated https://news.ycombinator.com/item?id=14579534 > ) > > I found this candidate > https://packages.debian.org/search?keywords=strongswan-scepclient but > certmonger looks to be a good alternative too. > > Regards > > Fabrice > > > Le 19-08-14 à 12 h 00, Richard Vézina a écrit : > > Hi, > > I am coming to PacketFence from a pointer to this Debian package of sscep > here : > > https://blogs.technet.microsoft.com/jeffbutte/2016/12/16/236/ > > (one of the last post at the bottom of the page) > > I have been adding the repository like so : > > > echo 'deb http://inverse.ca/downloads/PacketFence/ubuntu stretch > stretch' | sudo tee /etc/apt/sources.list.d/packetfence.list > > sudo apt-key adv --keyserver hkp://keys.gnupg.net:80 --recv-keys > 0x810273C4 > > sudo apt-get update > > sudo apt-get install sscep > > Which fails on libssl1.0.2, which shouldn t fail as I have : > > % openssl version > OpenSSL 1.1.1 11 Sep 2018 > > More up to date > > So I recover the .deb here : > http://inverse.ca/downloads/PacketFence/ubuntu/pool/stretch/s/sscep/ > > Remove the libssl dependency like so : > > dpkg-deb -x sscep_0.6.1-1_amd64.deb sscep_MOD_temp > > dpkg-deb --control sscep_0.6.1-1_amd64.deb sscep_MOD_temp/DEBIAN > # edit with vim remove libssl dep > # Repack the deb > > dpkg -b sscep_temp sscep_MOD_0.6.1-1_amd64.deb > # install it > > sudo apt install ./sscep_MOD_0.6.1-1_amd64.deb > # Yeah it installed > > Although it was still falling over libssl1.0.2 requirement > I made a symbolic link to workaround that like so : > > sudo ln -s /usr/lib/x86_64-linux-gnu/libcrypto.so.1.1 > /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2 > Which worked (stop have complain about libssl wrong version) > > But then : > > Start having this error : > > sscep: /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.2: version > `OPENSSL_1.0.2d' not found (required by sscep) > > I wonder why dependency is so strict over this particular openssl/libssl > version? > > Particularly since the deb package specify (>= 1.0.2d), although I think > that the dep should be like so : > Depends: libc6 (>= 2.14), libssl (>= 1.0.2d), openssl > And not : > Depends: libc6 (>= 2.14), libssl1.0.2 (>= 1.0.2d), openssl > > I had tried to just remove the above, but I had to remove the libssl dep > entirely. > > But still the dependecy is enforce somewhere else further down the code. > > Could this be relaxed? > > Otherwise I will have to compile sscep form source hoping that it gonna > work better... > > Finally I wonder if I can achieve what I want to with this instead : > http://manpages.ubuntu.com/manpages/xenial/man1/getcert-add-scep-ca.1.html > > See first link above for the context of all this. > > Thanks a lot > > Richard > > > _______________________________________________ > PacketFence-devel mailing > listPacketFence-devel@lists.sourceforge.nethttps://lists.sourceforge.net/lists/listinfo/packetfence-devel > > _______________________________________________ > PacketFence-devel mailing list > PacketFence-devel@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/packetfence-devel >
_______________________________________________ PacketFence-devel mailing list PacketFence-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/packetfence-devel
