Hi Martin, regardless of the fact that the certificate was issued, do you get a "proper" pendig/failure response and can you see the workflow on the webinterface? I can see several of them where some are manually approved and some are rejected but it looks in the end like they get processed.
Oliver Am 23.11.21 um 22:07 schrieb Martin Arendtsen: > So I gave it a try. > > Still gives me an error. > I used the challenge from the sample configuration. > If that isn’t the correct challenge please let me know. > > You s hould see requests from 2001:1448:2c0:202:1536:a0af:f28a:7bbd > or 89.186.174.37 > > /Martin > > On 23 Nov 2021 at 13.31.56, Martin Arendtsen > <[email protected] <mailto:mga%[email protected]>> wrote: >> Perfect. >> >> I'll give it a try later today. >> >> /Martin >> >> On Mon, Nov 22, 2021 at 11:11 AM Oliver Welter <[email protected] >> <mailto:[email protected]>> wrote: >> >> Hi Martin, >> >> we have a first beta version of the new SCEP server and I have >> installed it on our demo.openxpki.org <http://demo.openxpki.org> >> server. So in case you are able to test against this, I would >> appreciate if you can give it a try. The service will also be >> part of the next release which will likely be done by the end of >> the week - so if you prefer/need to test in your own environment >> this will also be possible. >> >> The new code is a pure perl implemenation and will accept any >> nonce size (and respond with a nonce of the same size) so I hope >> that the problem with 8 Bytes nonces will be solved. Any feedback >> is highly appreciated. >> >> best regards >> >> Oliver >> >> Am 24.10.21 um 20:09 schrieb Martin Arendtsen: >>> Hi >>> >>> I have been reading on the ML about this problem but I’m not >>> able to fix it with the commit >>> >>> (https://github.com/openxpki/openxpki-config/commit/802162e6d4ae719c0728ddc392be7f76de1d7815 >>> >>> <https://github.com/openxpki/openxpki-config/commit/802162e6d4ae719c0728ddc392be7f76de1d7815>) >>> >>> When trying to retrieve a certificate by SCEP I get this error. >>> >>> 2021/10/24 19:46:16 openxpki.system.ERROR >>> message_static_functions.c:249: Not valid CSR after decrpytion >>> LibSCEP.xs:1197: scep_unwrap failed >>> 34374492160:error:0D0C40D8:asn1 encoding >>> routines:c2i_ASN1_OBJECT:invalid object >>> encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254: >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object, >>> Type=X509_NAME_ENTRY >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject, >>> Type=X509_REQ_INFO >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info, >>> Type=X509_REQ >>> [pid=80956|sid=Sonc] >>> 2021/10/24 19:46:16 openxpki.system.ERROR >>> I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => >>> OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, __ERRVAL__ => >>> message_static_functions.c:249: Not valid CSR after decrpytion >>> LibSCEP.xs:1197: scep_unwrap failed >>> 34374492160:error:0D0C40D8:asn1 encoding >>> routines:c2i_ASN1_OBJECT:invalid object >>> encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254: >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object, >>> Type=X509_NAME_ENTRY >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject, >>> Type=X509_REQ_INFO >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info, >>> Type=X509_REQ >>> [pid=80956|sid=Sonc] >>> 2021/10/24 19:46:16 openxpki.system.ERROR Error executing SCEP >>> command 'PKIOperation': I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; >>> __COMMAND__ => OpenXPKI::Crypto::Tool::LibSCEP::Command::unwrap, >>> __ERRVAL__ => message_static_functions.c:249: Not valid CSR >>> after decrpytion >>> LibSCEP.xs:1197: scep_unwrap failed >>> 34374492160:error:0D0C40D8:asn1 encoding >>> routines:c2i_ASN1_OBJECT:invalid object >>> encoding:/usr/src/crypto/openssl/crypto/asn1/a_object.c:254: >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=object, >>> Type=X509_NAME_ENTRY >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:615: >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=subject, >>> Type=X509_REQ_INFO >>> 34374492160:error:0D08303A:asn1 encoding >>> routines:asn1_template_noexp_d2i:nested asn1 >>> error:/usr/src/crypto/openssl/crypto/asn1/tasn_dec.c:646:Field=req_info, >>> Type=X509_REQ >>> [pid=80956|sid=Sonc] >>> >>> I have added the fix as linked above but it still gives me that >>> error. >>> sscep works like a charm. >>> >>> So I need a hint to what I have missed - any ideas? >>> >>> Best regards >>> Martin Arendtsen >>> >>> >>> _______________________________________________ >>> OpenXPKI-users mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://lists.sourceforge.net/lists/listinfo/openxpki-users >>> <https://lists.sourceforge.net/lists/listinfo/openxpki-users> >> >> >> -- >> Protect your environment - close windows and adopt a penguin! >> >> _______________________________________________ >> OpenXPKI-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/openxpki-users >> <https://lists.sourceforge.net/lists/listinfo/openxpki-users> >> > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
