Re: [strongSwan] scepclient not generating any traffic to server: GetCACert

Sat, 19 Feb 2011 16:47:07 -0800 

I hav also tried with 4.5.1, same result. scepclient is stuck at the command
line.


On Sun, Feb 20, 2011 at 8:11 AM, Richard Chan <[email protected]>wrote:

> Hello, I am testing scepclient but it doesn't seem to send anything to the
> CA.
>
> Using strongSwan 4.5.0 to MS CertSrv on Win 2003 Server with SCEP Add-On.
>
> I can't see any HTTP/SCEP packets sent to server. Any ideas?
>
>
> 1. Confirm CA server/SCEP is working by manual download:
>
> [root@XXXXXXXX ~]# wget -O abcd.der
> http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert\&message=192.168.122.21
> --2011-02-20 08:06:26--
> http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert&message=192.168.122.21
> Connecting to 192.168.122.21:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 3558 (3.5K) [application/x-x509-ca-ra-cert]
> Saving to: “abcd.der”
>
> 100%[======================================>] 3,558       --.-K/s   in
> 0.03s
>
> 2011-02-20 08:06:26 (105 KB/s) - “abcd.der” saved [3558/3558]
>
> BTW: I note that MS CertSrv doesn't work if you omit message= for the
> GetCACert operation.
>
> 2. [root@tristan ~]# ipsec scepclient --out cacert --url
> http://192.168.122.21/certsrv/mscep/mscep.dll -A -f
> | plugin 'aes': loaded successfully
> | plugin 'des': loaded successfully
> | plugin 'sha1': loaded successfully
> | plugin 'sha2': loaded successfully
> | plugin 'md5': loaded successfully
> | plugin 'random': loaded successfully
> | plugin 'x509': loaded successfully
> | plugin 'pkcs1': loaded successfully
> | plugin 'pem': loaded successfully
> | plugin 'gmp': loaded successfully
>   loaded plugins: aes des sha1 sha2 md5 random x509 pkcs1 pem gmp
> | dn: 'C=CH, O=Linux strongSwan, CN=XXXXXXXX'
> | building pkcs10 object:
>   fingerprint:    60fbb84a3c6f8bb82bc0540829fd61df
> ...nothing is happening...
>
> 3. Check for packets:
>
> [root@tristan ~]# tcpdump -i eth0 -w /var/tmp/TCPDUMP.dat host
> 192.168.122.21
> tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 65535
> bytes
> ^C0 packets captured
> 0 packets received by filter
> 0 packets dropped by kernel
>
>
>

_______________________________________________
Users mailing list
[email protected]
https://lists.strongswan.org/mailman/listinfo/users

Reply via email to