> Tom Tim wrote: > > After a long way, i am now on the same point as Paul. > > > > My sscep Client is working, but the netscreen isnt too. > > > > Here the log from netscreen. > > > > this is the response to which command at netscreen? > i can\'t see it? ;) > > greetings > dalini > Sorry,
ok this is the log after retrieving a pending cert ( The exact command is \"exec pki x509 scep cert (id of cert)\"). This command is necessary after issuing cert on ca, to get cert. Below you can see the corresponding lines retrieving a cert from Microsoft ca via netscreen. --------------------------------------------------- GET request: len=3150 ## 14:39:54 : openHttpConnection: convert the host name 172.16.98.92. ## 14:39:54 : server IP 172.16.98.92 ## 14:39:54 : Trying to connect host 172.16.98.92 port 80 ## 14:39:54 : Trying to send to socket 543 ## 14:39:54 : openHttpConnection: done <0>. ## 14:39:54 : scep_rsp_ca_ra: done, p_scep_context = 2178428 ## 14:39:54 : updateCertFile: Update the cert files. ## 14:39:54 : PKI: opened file for write, product<9>. ## 14:40:05 : http socket <543> got data <06e30198> len <2619> byte. ## 14:40:05 : pkiExec: got content <application/x-pki-messag>, data <6e3023d> da ta len <2454> ## 14:40:05 : pkiExec: in_process = 0 ## 14:40:05 : Got buf=6e3023d len=2454 context 2178428 contentType=application/x -pki-messag contentTypeLen=25 ## 14:40:05 : scep_server_rsp: sub command <13> ## 14:40:05 : scep_server_rsp: (SCEP) Got PKI operation response ## 14:40:05 : scep_rsp_pkioperation: p_scep_context = 2178428 ## 14:40:05 : scep_rsp_cmd: p_scep_context = 2178428 ## 14:40:05 : scep_rsp_pkioperation: SCEP_SUCCESS ## 14:40:05 : scep_rsp_pkioperation_success: p_scep_context = 2178428 <057b9ea0> ## 14:40:05 : scep_transaction_id: len = 4 57b7bd80 38ea0793 45df07fa 8dd9f895 ## 14:40:05 : PKI: no FQDN available when requesting certificate. ## 14:40:05 : scep_rsp_pkioperation_success: p_scep_context = 2178428 <057b9ea0> ## 14:40:05 : SCEP received certificate: CN=mscep1,CN=calinux,CN=rsa-key,CN=677, CN=0029072002000255,CN=172.16.104.6,OU=RD,O=Bintec,ST=Germany,C=DE, ## 14:40:05 : set_obj_attrs: found the RSA/DSA key pair. ## 14:40:05 : NEW local X509 name: CN=mscep1,CN=calinux,CN=rsa-key,CN=677,CN=002 9072002000255,CN=172.16.104.6,OU=RD,O=Bintec,ST=Germany,C=DE, ## 14:40:05 : put_x509_object_to_store-> ## 14:40:05 : device id <0000b960> ## 14:40:05 : PKI: X.509 pending certificate has been deleted. ## 14:40:05 : ha_sync_pki_object: op<1> attr<0000f002> ## 14:40:05 : updateCertFile: Update the cert files. ## 14:40:05 : PKI: opened file for write, product<9>. ## 14:40:12 : scep_done: p_scep_context = 2178428 ## 14:40:12 : PKI: The SCEP certificate request has been completed successfully. ## 14:40:12 : pki_is_pkcs_ca_cert_ready: success. ----------------------------------------------------------------------- greetings timtom > ------------------------------------------------------- > SF email is sponsored by - The IT Product Guide > Read honest & candid reviews on hundreds of IT Products from real users. > Discover which products truly live up to the hype. Start reading now. > http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click > _______________________________________________ > Openca-Users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openca-users > www.mails.at - Der kostenlose E-Mail Anbieter ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://ads.osdn.com/?ad_id=6595&alloc_id=14396&op=click _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
