Hi, > sscep version 20030417, openca-0.9.2.4 both compiled with openssl-0.9.7g.
> ./sscep: error verifying signature > 23698:error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block > type is not 01:rsa_pk1.c:100: > 23698:error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check > failed:rsa_eay.c:580: > 23698:error:21071069:PKCS7 routines:PKCS7_signatureVerify:signature > failure:pk7_doit.c:868: > > can anybody help with it ? I know this error very well, but in my case it was an incorrect OpenSSL library (check that OpenCA's openca-scep and your sscep commands do not fall back to a 0.9.7d lib). Also you might verify if your SCEP server certificate is configured properly, that the corresponding RSA key is configured and does exist and that NO passphrase is set for this key. You will have to enter a dummy password in the config, it is ignored. Next you should verify that you are using the correct RA certificate when sending the request, it's usually the first returned by the getcacert operation. Don't know if this really helps you, though... Martin ------------------------------------------------------- SF.Net email is sponsored by: Tame your development challenges with Apache's Geronimo App Server. Download it for free - -and be entered to win a 42" plasma tv or your very own Sony(tm)PSP. Click here to play: http://sourceforge.net/geronimo.php _______________________________________________ Openca-Users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openca-users
