Hello everyone, I've been trying to enroll with dogtag via SSCEP for the last few days to no avail and I've reached the end of my rope, so I'm reaching out for your help (which I very much would appreciate).
I am running Ubuntu and my dogtag versions are:

    hayg@hayg:~$ dpkg -l | grep dogtag
    ii  dogtag-pki                10.2.6-1  all  Dogtag Public Key Infrastructure (PKI) Suite
    ii  dogtag-pki-console-theme  10.2.6-1  all  Certificate System - PKI Console User Interface
    ii  dogtag-pki-server-theme   10.2.6-1  all  Certificate System - PKI Server User Interface

My SSCEP:

    [~/sscep]$ cat VERSION
    0.6.1

My flatfile.txt:

    hayg@hayg:~$ sudo cat /var/lib/pki/pki-tomcat/conf/ca/flatfile.txt
    #UID:172.16.24.238
    #PWD:1212
    UID:10.129.25.186
    PWD:secret

(I restarted my pki-tomcatd service just in case, to make sure it took effect)

On the SSCEP side I'm doing:

    ./sscep enroll -l cert.pem -r local.csr -k local.key -c astourian.crt -u 'http://hayg.astourian.info:8080/ca/cgi-bin/pkiclient.exe'

This fails because the request is getting deferred and I have fail on defer set to true, per the docs. The request actually shows up in 'List Certificates' when I go to the web UI, but when I try to approve it, I get:

    The Certificate System has encountered an unrecoverable error.
    Error Message:

    java.lang.NullPointerException
    Please contact your local administrator for assistance.

When I try to resume the enrollment by adding the -R flag to sscep it fails with the following error in the logs:

    CRSEnrollment: No certificate has been found

My CSR:

    [~/sscep]$ openssl req -in local.csr -noout -text
    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: CN=10.129.25.186
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (1024 bit)
                    Modulus:
                        00:ab:f4:b7:55:bd:26:51:b7:65:b9:51:4e:08:31:
                        83:ef:d6:b7:97:cc:cb:82:4b:a6:3f:be:ac:1c:9a:
                        f5:1e:0d:56:7c:6a:be:d3:49:17:b6:ba:42:05:eb:
                        6c:e2:ff:2b:0f:64:d5:ae:e8:5b:6c:f8:df:74:ef:
                        1f:a1:94:50:4c:35:90:bc:02:2b:2a:e3:80:b6:e1:
                        75:a0:34:4d:74:0b:47:2c:f5:2d:87:2a:72:4a:93:
                        5b:76:a8:cc:96:56:0b:de:62:69:1e:37:30:eb:49:
                        4a:0a:8c:55:c4:0e:a7:9d:95:88:2d:ed:15:19:c6:
                        19:93:02:84:40:09:40:44:b1
                    Exponent: 65537 (0x10001)
            Attributes:
                challengePassword :secret
            Requested Extensions:
                X509v3 Subject Alternative Name: critical
                    IP Address:10.129.25.186
        Signature Algorithm: sha1WithRSAEncryption
             7e:85:96:60:54:ed:c7:fd:d4:9d:b9:48:4c:d6:5a:2d:b1:62:
             8f:26:58:04:da:f2:6d:cf:c7:59:dc:b5:b2:a9:69:8d:e0:df:
             4d:26:7b:51:3e:d5:f4:90:21:d9:20:69:6f:6f:e1:58:28:90:
             05:a7:38:1b:04:05:e6:84:03:78:95:90:d6:da:0c:56:c1:e9:
             16:d4:01:15:c5:5e:06:3f:44:48:6e:e5:dd:f6:dc:62:0a:f9:
             af:e7:c5:3d:0a:86:b1:99:40:90:ff:30:02:92:91:fb:dd:50:
             f0:df:bf:73:96:6f:04:3e:73:66:02:86:66:a0:00:fa:a7:58:
             ea:ae

As you can see, the password is "secret" and the CN is the UID from flatfile.txt. I welcome you all to try enrolling with my server. I can then try approving and see if it works.

Again, I very much appreciate all of your help. Please excuse my wall of text x_x

Thanks,
Hayg
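The check the post performs by eye (the CSR's CN equals an active UID in flatfile.txt and its challengePassword equals that entry's PWD) can be scripted. This is an added example, not part of the original post and not Dogtag or SSCEP code. The function names are hypothetical, the sample inputs are constructed from the values shown above, and it assumes each PWD line belongs to the UID line before it. It checks only that pairing and says nothing about how the CA itself evaluates the request.

```python
import hmac
import re

# Constructed sample inputs mirroring the values shown in the post above.
FLATFILE = "#UID:172.16.24.238\n#PWD:1212\nUID:10.129.25.186\nPWD:secret\n"
CSR_TEXT = """Certificate Request:
    Data:
        Subject: CN=10.129.25.186
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
        Attributes:
            challengePassword        :secret
"""

def parse_flatfile(text):
    """Return {uid: pwd} for active entries; '#' lines are commented out."""
    entries, uid = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")  # split on the first ':' only
        if key.strip() == "UID":
            uid = value.strip()
        elif key.strip() == "PWD" and uid is not None:
            entries[uid] = value.strip()
            uid = None
    return entries

def parse_csr_text(text):
    """Pull CN and challengePassword out of `openssl req -noout -text` output."""
    cn = re.search(r"^\s*Subject:.*?CN\s*=\s*([^,/\n]+)", text, re.M)
    pw = re.search(r"challengePassword\s*:(.*)", text)
    return (cn.group(1).strip() if cn else None,
            pw.group(1).strip() if pw else None)

def check_enrollment(flatfile_text, csr_text):
    """Return a list of mismatches; an empty list means the pair lines up."""
    entries = parse_flatfile(flatfile_text)
    cn, pw = parse_csr_text(csr_text)
    if cn is None:
        return ["CSR subject has no CN"]
    if cn not in entries:
        return [f"no active UID entry for CN {cn!r}"]
    if pw is None:
        return ["CSR carries no challengePassword attribute"]
    if not hmac.compare_digest(entries[cn].encode(), pw.encode()):
        return [f"challengePassword does not match PWD for UID {cn!r}"]
    return []

if __name__ == "__main__":
    print(check_enrollment(FLATFILE, CSR_TEXT) or "CN and challengePassword match flatfile.txt")
```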