Hi all. I think it's a offtopic question, but I need help !!
I'm deploy a SCEP Server to work with Cisco Router using IAIK
library.
At moment it can do:
- GetCARACert: My CA/RA Certificate are stored in Cisco with IOS
12.01
- PKCSReq is received and the certificate is issued.
The problem is PKCSRep Message. When SCEPResponder send this message
to router it show
following error:
***************************************************************************************
1w3d: CRYPTO_PKI: received msg of 3166 bytes
1w3d: CRYPTO_PKI: HTTP response header:
HTTP/1.1 200 OK
Date: Tue, 26 Jun 2001 08:18:22 GMT
Server: Apache/1.3.12 (Unix) ApacheJServ/1.1.2 mod_ssl/2.6.6
OpenSSL/0.9.5a
Content-Length: 2951
Connection: close
Content-Type: application/x-pki-message
1w3d: Received pki message: 2951 types
1w3d: 30 80 06 09 2A 86 48 86 F7 0D 01 07 02 A0 80 30 80 02 01 01
........................................................
1w3d: 3B 45 6B F7 FB 00 00 00 00 00 00
1w3d: CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found
while selecting CRL
1w3d: CRYPTO_PKI: WARNING: Certificate, private key or CRL was not found
while selecting CRL
1w3d: CRYPTO_PKI: signed attr: pki-message-type:
1w3d: 13 01 33
1w3d: CRYPTO_PKI: signed attr: pki-status:
1w3d: 13 01 30
1w3d: CRYPTO_PKI: signed attr: pki-recipient-nonce:
1w3d: 04 10 5F E9 59 D9 EE 59 D9 09 74 78 78 4E 86 8B 43 AA
1w3d: CRYPTO_PKI: signed attr: pki-transaction-id:
1w3d: 13 20 41 37 35 37 32 38 44 36 38 33 43 43 45 43 44 32 32 37
1w3d: 32 41 44 33 39 35 46 38 33 44 39 38 30 42
1w3d: CRYPTO_PKI: status = 100: certificate is granted
1w3d: Verified signed data 1858 bytes:
1w3d: 30 80 06 09 2A 86 48 86 F7 0D 01 07 03 A0 80 30 80 02 01 00
..............................
1w3d: 0A 03 B8 B8 71 D5 73 1C B6 C4 00 00 00 00 00 00 00 00
1w3d: CRYPTO_PKI: status = 301: failed to open the envelope
1w3d: %CRYPTO-6-CERTFAIL: Certificate enrollment failed.
1w3d: CRYPTO__PKI: All enrollment requests completed.
1w3d: CRYPTO__PKI: All enrollment requests completed.
****************************************************************************************
Message is ok, but it can't open the envelope
The enveloped data returned in PKCSReq Message is not PKCS7 compliant:
"encryptedContent [0] IMPLICIT EncryptedContent OPTIONAL
}"
it send a
EXPLICIT content that has two OCTET_STRING !!!
Can anybody help me?
Thanks, Gabi.
--
-------------------------------------------------
Gabriel Lopez Millan - Grupo ANTS-CIRCuS
Facultad de Informatica
Universidad de Murcia (Espaqa) Tfo: +34 968367645
Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=9948&t=9948
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
