Hello, I am testing scepclient but it doesn't seem to send anything to the CA.
Using strongSwan 4.5.0 to MS CertSrv on Win 2003 Server with SCEP Add-On. I can't see any HTTP/SCEP packets sent to server. Any ideas? 1. Confirm CA server/SCEP is working by manual download: [root@XXXXXXXX ~]# wget -O abcd.der http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert\&message=192.168.122.21 --2011-02-20 08:06:26-- http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert&message=192.168.122.21 Connecting to 192.168.122.21:80... connected. HTTP request sent, awaiting response... 200 OK Length: 3558 (3.5K) [application/x-x509-ca-ra-cert] Saving to: “abcd.der” 100%[======================================>] 3,558 --.-K/s in 0.03s 2011-02-20 08:06:26 (105 KB/s) - “abcd.der” saved [3558/3558] BTW: I note that MS CertSrv doesn't work if you omit message= for the GetCACert operation. 2. [root@tristan ~]# ipsec scepclient --out cacert --url http://192.168.122.21/certsrv/mscep/mscep.dll -A -f | plugin 'aes': loaded successfully | plugin 'des': loaded successfully | plugin 'sha1': loaded successfully | plugin 'sha2': loaded successfully | plugin 'md5': loaded successfully | plugin 'random': loaded successfully | plugin 'x509': loaded successfully | plugin 'pkcs1': loaded successfully | plugin 'pem': loaded successfully | plugin 'gmp': loaded successfully loaded plugins: aes des sha1 sha2 md5 random x509 pkcs1 pem gmp | dn: 'C=CH, O=Linux strongSwan, CN=XXXXXXXX' | building pkcs10 object: fingerprint: 60fbb84a3c6f8bb82bc0540829fd61df ...nothing is happening... 3. Check for packets: [root@tristan ~]# tcpdump -i eth0 -w /var/tmp/TCPDUMP.dat host 192.168.122.21 tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes ^C0 packets captured 0 packets received by filter 0 packets dropped by kernel
_______________________________________________ Users mailing list [email protected] https://lists.strongswan.org/mailman/listinfo/users
