Hi Ed,

did you create a new Key/CSR? As OpenXPKI picks up existing workflows
based on the used CSR you will otherwise always end up in the old/broken
workflow.

best regards
Oliver

On 06.02.25 03:51, Jean-Baptiste, Edwige via OpenXPKI-users wrote:
Hi Oliver,
Thank you for the feedback, however changing the endpoint as you
suggested did not make any difference (with or without appending
“pkiclient”). I am still getting the same error, except that the scep
log makes reference to “ep=generic”, as seen below. Is there anything
else I can try to resolve the problem?
sending scep request to 'http://localhost:8080/scep/generic/pkiclient'
sending request to 'http://localhost:8080/scep/generic/pkiclient?operation=PKIOperation'...
did not receive a valid SCEP response: HTTP 400
SCEP Log:
2025/02/06 02:25:16 ERR Request was rejected: I18N_OPENXPKI_UI_INVALID_PROFILE [pid=86|ep=generic]
2025/02/06 02:25:16 WAR Client error / malformed request: badRequest (internal code: 40006) [pid=86|ep=generic]
Is the scep enrollment command itself missing something? Since I am
getting malformed request : badRequest
sudo bash -c 'pki --scep --debug 4 --url http://localhost:8080/scep/generic/pkiclient --outform pem --cacert-enc racert.pem --cacert-sig cacert-1.pem --cacert cacert.pem --in scep.key --san "myScepClient.test.org" --dn "C=CH, O=strongswan Project, CN=myScepClient.test.org" --interval 10 --maxpolltime 120 > scep.crt'
Thanks,
Ed
*From:* Oliver Welter <[email protected]>
*Sent:* Wednesday, February 5, 2025 3:14 AM
*To:* [email protected]
*Subject:* Re: [OpenXPKI-users] SCEP enrollment failure ( sending
request to
'http://localhost:8080/scep/pkiclient?operation=PKIOperation'... did
not receive a valid SCEP response: HTTP 400)
Hello Ed,
OpenXPKI can serve multiple SCEP endpoints and therefore requires that
you address them properly - the default configuration provides the
endpoint named "generic", so please replace the SCEP URI with
http://yourhost/scep/generic (you can leave the pkiclient at the end
as this is stripped)
Oliver
On 05.02.25 00:16, Jean-Baptiste, Edwige via OpenXPKI-users wrote:
I am new to SCEP. I installed OpenXPKI following the installation
guide, I ran the sampleconfig script. I am able to use the WebUI
test platform to generate/enroll certificates. When I try to
enroll a certificate using "pki --scep" from the Strongswan 5.9.13
package, I encounter an error. Can anyone help me figure this out?
Here are the steps I took until the failure from the client
side. The first two commands succeeded. The full enrollment output
is attached.
sudo openssl genrsa -out scep.key 2048
sudo pki --scepca --debug 3 --url http://localhost:8080/scep/pkiclient --outform pem --caout cacert --raout racert
sudo bash -c 'pki --scep --debug 4 --url http://localhost:8080/scep/pkiclient --outform pem --cacert-enc racert.pem --cacert-sig cacert-1.pem --cacert cacert.pem --in scep.key --san "myScepClient.test.org" --dn "C=CH, O=strongswan Project, CN=myScepClient.test.org" --interval 10 --maxpolltime 120 > scep.crt'
sending scep request to 'http://localhost:8080/scep/pkiclient'
sending request to 'http://localhost:8080/scep/pkiclient?operation=PKIOperation'...
did not receive a valid SCEP response: HTTP 400
SCEP Log:
2025/02/04 06:34:02 ERR Request was rejected: I18N_OPENXPKI_UI_INVALID_PROFILE [pid=86|ep=pkiclient]
2025/02/04 06:34:02 WAR Client error / malformed request: badRequest (internal code: 40006) [pid=86|ep=pkiclient]
Thanks,
Ed
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!