Hi Nick,
Am 22.06.21 um 03:08 schrieb Nick Dawson: > > If I ra | issuer: endentity or chain, I get an SSL error. BUT scep.log > looks like it can interpret the request > > Openxpki.log: > > ERROR Error executing SCEP command 'PKIOperation': > I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => > OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, __ERRVAL__ => > 34370961408:error:0B080074:x509 certificate > routines:X509_check_private_key:key values > mismatch:/usr/src/crypto/openssl/crypto/x509/x509_cmp.c:297: > 34370961408:error:2107207F:PKCS7 routines:PKCS7_decrypt:private key > does not match > certificate:/usr/src/crypto/openssl/crypto/pkcs7/pk7_smime.c:495: > message_static_functions.c:221: decryption failed > LibSCEP.xs:1197: scep_unwrap failed this sounds as you now finally broke your SCEP setup - if you really ignored the SQL errors (and have created a new key) then your Cert and Key does not match so you get a crypto error. All logs you have shown are far away from an enrollment request where we have to work around the "signer cert" problem. I suggest you just create a new token (key and cert) and import it again, this should create a new SCEP Token alias with a new generation number. Make sure your DataVault token ist operational before you try loading the key! Oliver -- Protect your environment - close windows and adopt a penguin! _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
