So I gave it a try. Still gives me an error. I used the challenge from the sample configuration. If that isn’t the correct challenge please let me know.
You s hould see requests from 2001:1448:2c0:202:1536:a0af:f28a:7bbd or 89.186.174.37 /Martin On 23 Nov 2021 at 13.31.56, Martin Arendtsen <[email protected]> wrote: > Perfect. > > I'll give it a try later today. > > /Martin > > On Mon, Nov 22, 2021 at 11:11 AM Oliver Welter <[email protected]> wrote: > >> Hi Martin, >> >> we have a first beta version of the new SCEP server and I have installed >> it on our demo.openxpki.org server. So in case you are able to test >> against this, I would appreciate if you can give it a try. The service will >> also be part of the next release which will likely be done by the end of >> the week - so if you prefer/need to test in your own environment this will >> also be possible. >> >> The new code is a pure perl implemenation and will accept any nonce size >> (and respond with a nonce of the same size) so I hope that the problem with >> 8 Bytes nonces will be solved. Any feedback is highly appreciated. >> >> best regards >> >> Oliver >> >> Am 24.10.21 um 20:09 schrieb Martin Arendtsen: >> >> Hi >> >> I have been reading on the ML about this problem but I’m not able to fix >> it with the commit ( >> https://github.com/openxpki/openxpki-config/commit/802162e6d4ae719c0728ddc392be7f76de1d7815 >> ) >> >> When trying to retrieve a certificate by SCEP I get this error. >> >> 2021/10/24 19:46:16 openxpki.system.ERROR message_static_functions.c:249: >> Not valid CSR after decrpytion >> LibSCEP.xs:1197: scep_unwrap failed >> 34374492160:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid >> object encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254: >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object, >> Type=X509_NAME_ENTRY >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject, >> Type=X509_REQ_INFO >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info, >> Type=X509_REQ >> [pid=80956|sid=Sonc] >> 2021/10/24 19:46:16 openxpki.system.ERROR >> I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => >> OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, __ERRVAL__ => >> message_static_functions.c:249: Not valid CSR after decrpytion >> LibSCEP.xs:1197: scep_unwrap failed >> 34374492160:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid >> object encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254: >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object, >> Type=X509_NAME_ENTRY >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject, >> Type=X509_REQ_INFO >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info, >> Type=X509_REQ >> [pid=80956|sid=Sonc] >> 2021/10/24 19:46:16 openxpki.system.ERROR Error executing SCEP command >> 'PKIOperation': I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => >> OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, __ERRVAL__ => >> message_static_functions.c:249: Not valid CSR after decrpytion >> LibSCEP.xs:1197: scep_unwrap failed >> 34374492160:error:0D0C40D8:asn1 encoding routines:c2i_ASN1_OBJECT:invalid >> object encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254: >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object, >> Type=X509_NAME_ENTRY >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject, >> Type=X509_REQ_INFO >> 34374492160:error:0D08303A:asn1 encoding >> routines:asn1_template_noexp_d2i:nested asn1 >> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info, >> Type=X509_REQ >> [pid=80956|sid=Sonc] >> >> I have added the fix as linked above but it still gives me that error. >> sscep works like a charm. >> >> So I need a hint to what I have missed - any ideas? >> >> Best regards >> Martin Arendtsen >> >> >> _______________________________________________ >> OpenXPKI-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/openxpki-users >> >> >> -- >> Protect your environment - close windows and adopt a penguin! >> >> _______________________________________________ >> OpenXPKI-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/openxpki-users >> >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
