Common Information
------------------------------------------------
OpenCA Version  : 0.9.2.1
Perl Version    : v5.8.4
OpenSSL Version : 0.9.7e
Operating System: Linux Debian SID Kernel 2.6.9
------------------------------------------------

Problem Description:

Hi,

I tried to get SCEP working, but no success. I created new keys and certs for SCEP (2048 bit, ROLE : Webserver).

When I try with some SCEP client to retrieve the CA cert, I get the following error.

With SSCEP:

    gaia:/usr/local/src/sscep# ./sscep getca -f ./sscep.conf
    ./sscep: starting sscep, version 20030417
    ./sscep: hostname: 192.168.0.170
    ./sscep: directory: cgi-bin/scep/scep
    ./sscep: port: 80
    ./sscep: SCEP_OPERATION_GETCA
    ./sscep: requesting CA certificate
    ./sscep: scep msg: GET /cgi-bin/scep/scep?operation=GetCACert&message=CAIdentifier HTTP/1.0
    ./sscep: server returned status code 200
    ./sscep: wrong MIME content type
    ./sscep: error while sending message

If I try with Cisco VPN Client 4.6.00.45, I also get an error. When I decode the Ethereal trace, I can see the following response from the SCEP RA (sorry, only in German, I have no clue how to change SCEP to English error messages ...):

    <html xmlns="http://www.w3.org/1999/xhtml" lang="C" xml:lang="C"><head><title>Allgemeiner Fehler</title>
    </head><body bgcolor="#FFFFFF"><CENTER><BR><HR WIDTH=80%><BR></CENTER><OL><OL><H1><FONT COLOR=red>Fehler 6293017</FONT></H1><OL>
    <B>Allgemeiner Fehler</B>
    Es gibt ein Problem mit der Konfiguration. Ein Nutzer kann nur auf eine Rolle abgebildet werden, wenn die Authentifizierung .ber Zertifikate durchgef.hrt worden ist.</OL></OL></OL>

Here is my SCEP config in config.xml:

    <!-- ===================== -->
    <!-- configuration of SCEP -->
    <!-- ===================== -->
    <option>
        <name>SCEP_RA_CERT</name>
        <value>/home/openca/certs/scep-cert.pem</value>
    </option>
    <option>
        <name>SCEP_RA_KEY</name>
        <value>/home/openca/certs/scepkey.pem</value>
    </option>
    <option>
        <name>SCEP_RA_PASSWD</name>
        <value></value>
    </option>

Is it a requirement that the SCEP key and cert are in some specific directory? Must they be in the www directory, or is it enough if the webserver is able to read the certs and keys?

Thanks
Michael
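
The symptom reported above (status code 200 together with "wrong MIME content type") can be checked against a captured response with a small script. This is an added example, not part of the original post and not OpenCA or sscep code; it assumes the two content types the SCEP specification defines for GetCACert, and both sample responses are constructed.

```python
# Added diagnostic sketch: classify a raw HTTP reply to a SCEP GetCACert request.
# Content types are those defined by the SCEP specification for GetCACert.
CA_TYPES = {
    "application/x-x509-ca-cert": "single CA certificate (DER X.509)",
    "application/x-x509-ca-ra-cert": "CA and RA certificates (degenerate PKCS#7)",
}

def check_getcacert_response(raw: bytes):
    """Return (ok, reason) for a raw HTTP response (headers + body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(None, 2)
    if len(parts) < 2 or not parts[1].isdigit():
        return False, "malformed status line"
    status = int(parts[1])
    headers = {}
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    if status != 200:
        return False, f"HTTP status {status}"
    # Drop parameters such as "; charset=..." before comparing.
    ctype = headers.get("content-type", "").split(";")[0].strip().lower()
    if ctype not in CA_TYPES:
        hint = ""
        if b"<html" in body[:512].lower():
            # The application rendered an error page but still answered 200.
            hint = "; body is an HTML page, check the server-side error text"
        return False, f"unexpected Content-Type {ctype!r}{hint}"
    if not body.startswith(b"\x30"):
        # Both a certificate and a PKCS#7 blob begin with a DER SEQUENCE tag.
        return False, "body does not start with a DER SEQUENCE"
    return True, CA_TYPES[ctype]

# Constructed sample: an HTML error page delivered with status 200.
HTML_ERROR = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n\r\n"
              b"<html><head><title>Error</title></head><body>...</body></html>")
# Constructed sample: correct type, body is only a stub DER header.
GOOD = (b"HTTP/1.1 200 OK\r\nContent-Type: application/x-x509-ca-ra-cert\r\n\r\n"
        b"\x30\x82\x01\x00")

if __name__ == "__main__":
    for name, sample in (("html_error", HTML_ERROR), ("good", GOOD)):
        print(name, check_getcacert_response(sample))
```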
