Hello,
For a few days, I've been trying to request the OpenXPKI CRL using the SCEP 
GetCrl operation with SSCEP, but without success ☹.

I used:

  *   OpenXPKI Community Edition v3.26.1
  *   Sscep version: 0.10.0

1 –
First, I started with getca to retrieve the PKI chain:
  sscep getca -c pki.crt -u http://192.168.1.91:80/scep -v -d
The script returns:

  *   pki.crt-0 : ra-scep certificate
  *   pki.crt-1 : Issuing certificate
  *   pki.crt-2 : Root certificate

2 –
Next, I tried to enroll my certificate:
  sscep enroll -u http://192.168.1.91:80/scep -v -d -c pki.crt-0 -k local.key -r local.csr -l local.crt
The script returns a signed certificate:
...
sscep: decrypting inner PKCS#7
sscep: PKCS#7 payload size: 2684 bytes
write_local_cert(): found 2 cert(s)
sscep: found certificate with
  subject: '/C=FR/OU=RnD/CN=20231123-1001'
  issuer: /C=DE/O=OpenXPKI/OU=PKI/CN=OpenXPKI Demo Issuing CA 20230814
  request_subject: '/C=FR/OU=RnD/CN=20231123-1001'
Subject of the returned certificate: /C=FR/OU=RnD/CN=20231123-1001
Subject of the request: /C=FR/OU=RnD/CN=20231123-1001
CN's of request and certificate matched!
sscep: certificate written as local.crt
...

3 –
Then I continued with getcrl:
  sscep getcrl -c pki.crt-0 -k local.key -l local.crt -w pki.crl -u http://192.168.1.91:80/scep -v -d
But getcrl failed with the error:
...
sscep: server response status code: 500, MIME header: text/html
sscep: wrong (or missing) MIME content type
sscep: error while sending message

Maybe I forgot something? Can you help me, please?
Thanks.

Full SSCEP debug

sscep: starting sscep, version 0.10.0
sscep: new transaction
sscep: transaction id: SSCEP transactionId
sscep: hostname: 192.168.1.91
sscep: directory: scep
sscep: port: 80
sscep: SCEP_OPERATION_GETCAPS
sscep: scep request:
GET /scep?operation=GetCACaps HTTP/1.1
Host: 192.168.1.91
Connection: close

sscep: connecting to 192.168.1.91:80
sscep: server response status code: 200, MIME header: text/plain
Renewal
POSTPKIOperation
SHA-512
SHA-384
SHA-256
SHA-224
SHA-1
DES3
AES
sscep: scep caps bitmask: 0x03fb
sscep: requesting crl for serial number 300182766324721378942348060366172347826210546539 and issuer /CN=debian:scep-ra
sscep: SCEP_OPERATION_GETCRL
sscep: requesting crl
sscep: request data dump
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
sscep: data payload size: 51 bytes

sscep: hexdump request payload
303130193117301506035504030c0e64656269616e3a736365702d7261021434ffffff94ffffffa92912ffffff81ffffffb9ffffffe0114b722b1affffffe71e19ffffffd9ffffff8f236b
sscep: hexdump payload 51
sscep: successfully encrypted payload
sscep: envelope size: 666 bytes
sscep: printing PEM fomatted PKCS#7
-----BEGIN PKCS7-----
-----END PKCS7-----
sscep: creating outer PKCS#7
sscep: signature added successfully
sscep: adding signed attributes
sscep: adding string attribute transId
sscep: adding string attribute messageType
sscep: adding octet attribute senderNonce
sscep: PKCS#7 data written successfully
sscep: printing PEM fomatted PKCS#7
-----BEGIN PKCS7-----
-----END PKCS7-----
sscep: payload size: 2809 bytes
sscep: scep request:
POST /scep?operation=PKIOperation HTTP/1.1
Host: 192.168.1.91
Connection: close
Content-Length: 2809

sscep: connecting to 192.168.1.91:80
sscep: server response status code: 500, MIME header: text/html
sscep: wrong (or missing) MIME content type
sscep: error while sending message
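
Added example (not part of the original post, and not sscep or OpenXPKI code): a Python decoder for the 51-byte GetCRL payload printed under "sscep: hexdump request payload" above, showing the issuer and serial number the request names. It assumes the ffffff runs in that line are bytes >= 0x80 printed with sign extension; all function names are hypothetical.

```python
# Added example: decodes the IssuerAndSerialNumber payload from the debug output.
HEXDUMP = ("303130193117301506035504030c0e64656269616e3a736365702d7261021434"
           "ffffff94ffffffa92912ffffff81ffffffb9ffffffe0114b722b1affffffe71e19"
           "ffffffd9ffffff8f236b")  # copied from the post
LOGGED_SERIAL = 300182766324721378942348060366172347826210546539  # from the log
OID_NAMES = {"550403": "CN", "550406": "C", "55040a": "O", "55040b": "OU"}

def undo_sign_extension(dump):
    """Assumption: 'ffffffXX' is one byte >= 0x80 printed as a signed char."""
    out, i = bytearray(), 0
    while i < len(dump):
        if dump.startswith("ffffff", i) and len(dump) - i >= 8:
            i += 6  # skip the sign-extension padding
            if int(dump[i], 16) < 8:
                raise ValueError("ffffff run before a byte < 0x80")
        out.append(int(dump[i:i + 2], 16))
        i += 2
    return bytes(out)

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for one DER element."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def parse_issuer_and_serial(der):
    """IssuerAndSerialNumber ::= SEQUENCE { issuer Name, serialNumber INTEGER }"""
    tag, body, end = read_tlv(der, 0)
    name_tag, name, pos = read_tlv(body, 0)
    int_tag, serial, _ = read_tlv(body, pos)
    if (tag, name_tag, int_tag) != (0x30, 0x30, 0x02) or end != len(der):
        raise ValueError("not an IssuerAndSerialNumber")
    parts, p = [], 0
    while p < len(name):  # Name = SEQUENCE OF SET OF SEQUENCE { OID, value }
        _, rdn, p = read_tlv(name, p)
        q = 0
        while q < len(rdn):
            _, atv, q = read_tlv(rdn, q)
            _, oid, r = read_tlv(atv, 0)
            _, value, _ = read_tlv(atv, r)
            parts.append(f"{OID_NAMES.get(oid.hex(), oid.hex())}={value.decode('utf-8', 'replace')}")
    return "/" + "/".join(parts), int.from_bytes(serial, "big", signed=True)

if __name__ == "__main__":
    print(*parse_issuer_and_serial(undo_sign_extension(HEXDUMP)), LOGGED_SERIAL)
```

The decoded issuer and serial can be compared with the `openssl x509 -noout -issuer -serial` output for the certificates involved.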


_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
