Hey, which Apple OS are you using in this test? Have you ever had a working configuration with any Apple SCEP client during you testing?
My guess here is that you problem is not with the "trust" part of OpenXPKI configuration but rather with the content of the SCEP message client is sending to the server. Could you share your (redacted) .mobileconfig file? Michal Moravec On 24. 10. 2021, at 20:09, Martin Arendtsen <[email protected]<mailto:[email protected]>> wrote: Hi I have been reading on the ML about this problem but I’m not able to fix it with the commit (https://github.com/openxpki/openxpki-config/commit/802162e6d4ae719c0728ddc392be7f76de1d7815) When trying to retrieve a certificate by SCEP I get this error. 2021/10/24 19:46:16 openxpki.system.ERROR message_static_functions.c:249: Not valid CSR after decrpytion LibSCEP.xs:1197: scep_unwrap failed 34374492160:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254: 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object, Type=X509_NAME_ENTRY 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject, Type=X509_REQ_INFO 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info, Type=X509_REQ [pid=80956|sid=Sonc] 2021/10/24 19:46:16 openxpki.system.ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, __ERRVAL__ => message_static_functions.c:249: Not valid CSR after decrpytion LibSCEP.xs:1197: scep_unwrap failed 34374492160:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254: 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object, Type=X509_NAME_ENTRY 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject, Type=X509_REQ_INFO 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info, Type=X509_REQ [pid=80956|sid=Sonc] 2021/10/24 19:46:16 openxpki.system.ERROR Error executing SCEP command 'PKIOperation': I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, __ERRVAL__ => message_static_functions.c:249: Not valid CSR after decrpytion LibSCEP.xs:1197: scep_unwrap failed 34374492160:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid object encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254: 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object, Type=X509_NAME_ENTRY 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject, Type=X509_REQ_INFO 34374492160:error:0D08303A:asn1 encoding routines:asn1_template_noexp_d2i:nested asn1 error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info, Type=X509_REQ [pid=80956|sid=Sonc] I have added the fix as linked above but it still gives me that error. sscep works like a charm. So I need a hint to what I have missed - any ideas? Best regards Martin Arendtsen _______________________________________________ OpenXPKI-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
