Hi, I am trying to get the Scep auto enroll test working and I am really close. In fact everything is running normally, the certificate is generated and published. The Openxpki interface lists it with a SUCCESS status.
I have an error while Openxpki is constructing the scep answer to the client that requested a certificate. Any help would be greatly appreciated!

Thanks
Raphaël

I use sscep to test and here are the clients logs:

./mkrequest -dns test6.it-factory.prod.lan
Generating RSA private key, 2048 bit long modulus
.................+++
.........+++
e is 65537 (0x010001)
./sscep_dyn enroll -f sscep.conf
./sscep_dyn: Found private key ./local.key as file. If the engine can handle it, loading the file
./sscep_dyn: sending certificate request
./sscep_dyn: error while sending message

HERE are the Openxpki logs:

2018/09/27 15:44:59 openxpki.application.INFO SCEP incoming request, id EC6B7939CE785764476E61D4C5C5F340 [pid=12497|sid=TSco|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:44:59 openxpki.application.INFO SCEP try to start new workflow for EC6B7939CE785764476E61D4C5C5F340 [pid=12497|sid=TSco|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:44:59 openxpki.application.INFO Execute action scep_initialize on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:44:59 openxpki.application.INFO Execute action scep_extract_csr on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:44:59 openxpki.application.WARN SCEP csr key size is ok (rsaEncryption / 2048) [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:44:59 openxpki.application.INFO SCEP csr hash type is ok (sha1) [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:44:59 openxpki.application.INFO SCEP subject rendering enabled ( I18N_OPENXPKI_PROFILE_TLS_SERVER / enroll ) [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:44:59 openxpki.application.INFO SCEP signer subject: CN=test6.it-factory.prod.lan - is selfsign [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:00 openxpki.application.INFO Execute action scep_calculate_hmac on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:00 openxpki.application.INFO Execute action scep_set_workflow_attributes on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:00 openxpki.application.INFO Execute action scep_fetch_group_policy on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:00 openxpki.application.INFO Execute action global_noop on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:00 openxpki.application.INFO Execute action scep_eval_signer_trust on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:00 openxpki.application.WARN Trusted Signer chain validation FAILED [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:00 openxpki.application.INFO Trusted Signer not found in trust list (CN=test6.it-factory.prod.lan). [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action scep_set_request_mode on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action scep_eval_eligibility on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Eligibility check for scep.scep-ca-prod.eligible.initial granted [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop2 on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop2 on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop2 on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop2 on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop2 on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action scep_revoke_existing_certs on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO SCEP autorevoke - no active certs [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action scep_revoke_existing_certs on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO SCEP autorevoke - no active certs [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop2 on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action scep_calc_approvals on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO SCEP auto approval for initial enrollment of CN=test6.it-factory.prod.lan,DC=it-factory,O=DRS,L=Monaco,ST=Monaco,C=MC [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.audit.approval.INFO scep add approval pointHASH(0x81f0f48) [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO SCEP got required approval points (1/0) for CN=test6.it-factory.prod.lan,DC=it-factory,O=DRS,L=Monaco,ST=Monaco,C=MC [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.audit.approval.INFO scep request fully approvedHASH(0x81da050) [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop2 on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action global_noop on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO Execute action scep_persist_csr on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:01 openxpki.application.INFO persisted csr for CN=test6.it-factory.prod.lan,DC=it-factory,O=DRS,L=Monaco,ST=Monaco,C=MC with csr_serial 4863 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO Execute action global_nice_issue_certificate on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO start cert issue for serial 4863, workflow 30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO Certificate CN=test6.it-factory.prod.lan,DC=it-factory,O=DRS,L=Monaco,ST=Monaco,C=MC (283339545891964645657727) issued by ca-prod-signer-1 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.audit.cakey.INFO certificate signedHASH(0x8248c28) [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.audit.entity.INFO certificate issuedHASH(0x8230630) [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO Execute action scep_persist_cert_metadata on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO Execute action scep_notify_cert_issued on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO Trigger notification message scep_cert_issued [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.system.WARN Not a mail address: [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.system.WARN Failed sending notification - no receipient [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO Execute action global_noop on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO Execute action scep_publish_certificate on workflow #30463 [pid=12497|sid=TSco|wftype=enrollment|wfid=30463|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO Execute action certpublish_initialize on workflow #30719 [pid=12497|sid=TSco|wftype=certificate_publishing|wfid=30719|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO Execute action global_disconnect on workflow #30719 [pid=12497|sid=TSco|wftype=certificate_publishing|wfid=30719|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO Action global_disconnect paused (I18N_OPENXPKI_UI_WORKFLOW_MOVE_TO_BACKGROUND), wakeup 2018-09-27T13:45:03 [pid=12497|sid=TSco|wftype=certificate_publishing|wfid=30719|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 Workflow.ERROR Caught exception from action: [Generic exception]; reset workflow to old state 'WAITING_FOR_START' [pid=12497|sid=TSco|wftype=certificate_publishing|wfid=30719|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO Publishing workflow created with id 30719 [pid=12497|sid=TSco|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:02 openxpki.application.INFO Execute action scep_invalidate_challenge_pass on workflow #30463 [pid=12497|sid=TSco|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:03 openxpki.application.INFO SCEP started new workflow with id 30463, state SUCCESS [pid=12497|sid=TSco|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:03 system.crypto.ERROR OpenSSL error:
OpenCA Simple Certificate Enrollment Protocol Tools
(c) 2002 by Massimiliano Pala and OpenCA Group
OpenCA licensed software

USAGE: openca-scep [ args ]

 -new              build a new SCEP message.
 -in file          input SCEP message file (default is stdin)
 -out file         write SCEP message to file (default is stdout).
 -inform           input data format (default is PEM).
 -outform          output data format (default is PEM).
 -signcert file    signer certificate for SCEP message.
 -signcertform     certificate file format (default is PEM).
 -reccert file     recipient encoding certificate for SCEP message.
 -reccertform      certificate file format (default is PEM).
 -keyfile file     decoding secret key file.
 -keyform          decoding secret key file format (default is PEM).
 -passin arg       Password passing method (check openssl for options).
 -passwd pwd       Password protecting the private key (if any).
 -CAfile file      CA's trusted certificate.
 -CAform           CA's trusted certificate format (default is PEM).

New Message Extensions:

 -msgtype <arg>    new message format type (default is PKCSReq).
 -print_serial     print serial (CertReq msgtype).
 -status <arg>     new SCEP message status (SUCCESS|PENDING|FAILURE).
 -failinfo <arg>   new SCEP message failure info ( BadAlg|... ).
 -recnonce <arg>   new SCEP message Recipient NONCE val (i.e. 04:A4:...).
 -sendnonce <arg>  new SCEP message Sender NONCE val (i.e. 04:06:FF:...).
 -copynonce        copy NONCE from input message (generate the reply).
 -des              encrypt envelope with normal des (default is 3des).

Data Content (to be added in the envelope):

 -reqfile file     pkcs#10 request to be included into the PKCSReq.
 -reqformat file   pkcs#10 request's format.
 -crlfile file     CRL to be included into the CertRep Message.
 -crlformat file   CRL's format.
 -issuedcert file  issued cert to be added to a SUCCESS CertRep msg.
 -issuedcertform   issued cert file format (default is PEM).
 -serial           serial of requested certificate (CertReq msgtype).
 -text             Prints out data in human readable form.
 -print_scert      print signer's certificate.
 -print_req        print request data (PKCSReq messages).
 -print_crl        print CRL (CertRep messages).
 -print_sendnonce  print used sender NONCE.
 -print_recnonce   print used recipient NONCE.
 -print_transid    print used transaction ID.
 -print_msgtype    print message type.
 -noout            Do not output original data.
 -version          Print Package Version and exits.
 -debug            Output Debugging information.
 -v                Talk alot while doing things
[pid=12497|sid=TSco|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:03 openxpki.system.ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 256 [pid=12497|sid=TSco|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:03 openxpki.system.ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => OpenXPKI::Crypto::Tool::SCEP::Command::create_certificate_reply; __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 256 [pid=12497|sid=TSco|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:03 openxpki.system.ERROR Error executing SCEP command 'PKIOperation': I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => OpenXPKI::Crypto::Tool::SCEP::Command::create_certificate_reply; __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 256 [pid=12497|sid=TSco|sceptid=EC6B7939CE785764476E61D4C5C5F340]
2018/09/27 15:45:07 openxpki.application.INFO Execute action global_disconnect on workflow #30719 [pid=12511|user=scep-ca-prod|role=RA Operator|sid=TpPB]
2018/09/27 15:45:07 openxpki.application.INFO Execute action certpublish_publish_profile on workflow #30719 [pid=12511|user=scep-ca-prod|role=RA Operator|sid=TpPB]
2018/09/27 15:45:07 openxpki.application.INFO Start publication to test6.it-factory.prod.lan for CN=test6.it-factory.prod.lan,DC=it-factory,O=DRS,L=xxxxx,ST=xxxxx,C=xx [pid=12511|user=scep-ca-prod|role=RA Operator|sid=TpPB]
