Hello dear PKI-users! Our pki system version is: Fedora 29. pki-server-10.8.0-0.1.fc30.noarch
We are configured SCEP following: https://www.dogtagpki.org/wiki/SCEP_Setup CS.cfg: ... ca.scep.allowedEncryptionAlgorithms=DES,DES3 ca.scep.allowedHashAlgorithms=MD5,SHA1,SHA256,SHA512 ca.scep.enable=true ca.scep.encryptionAlgorithm=DES ca.scep.hashAlgorithm=MD5 ca.scep.nonceSizeLimit=16 ... we also - installed SSCEP client - generated CA certificate $ sscep getca -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt it is checked by $ openssl x509 -in ca.crt -text and it is correct - generated CSR request and a key $ /usr/bin/mkrequest -ip 172.16.24.238 Uojs93wkfd0IS and when trying to test enroll we are getting the followng error: (Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException): # sscep enroll -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt -k local.key -r local.csr -l cert.crt -d sscep: starting sscep, version 0.6.1 sscep: new transaction sscep: transaction id: D41D8CD98F00B204E9800998ECF8427E sscep: hostname: ca.lvm.postmet.com sscep: directory: ca/cgi-bin/pkiclient.exe sscep: port: 8080 sscep: Read request with transaction id: 9A6C3918C54DB994E7E951505983A181 sscep: generating selfsigned certificate sscep: SCEP_OPERATION_ENROLL sscep: sending certificate request sscep: creating inner PKCS#7 sscep: inner PKCS#7 in mem BIO sscep: request data dump -----BEGIN CERTIFICATE REQUEST----- MIIBmz..........GDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG 9w0BAQEFAAOBjQAwgYkCgYEAsfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39M ACJqfgxU6os8Kh6sElQcjXn5lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQ Kr9c6oZIcvUc0mBWpDbv3jcqdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ ckUCAwEAAaBDMBwGCSqGSIb3DQEJBzEPDA1Vb2pzOTN3a2ZkMElTMCMGCSqGSIb3 DQEJDjEWMBQwEgYDVR0RAQH/BAgwBocErBAY7jANBgkqhkiG9w0BAQsFAAOBgQA5 URuLsrH0bKtBqrNiaPT1nMQ+fRAJ6Ckjfj/pQsyXO0Nll7blBdbErOtSzDR5yV91 g6/oin5LPn/RwT1hATfjCniF4UVfotLnFjKQe7icsS82gl2FNT+pG1CjTAqxJqZO oBe+ZWzs4cx7wHerjk5u8baz79XFfkQyCdL6QRVlTA== -----END CERTIFICATE REQUEST----- sscep: data payload size: 415 bytes sscep: hexdump request payload 3082019b3082010402010030183116301406035504030c0d3137322e31362e32342e323 33830819f300d06092a864886f70d010101050003818d0030818902818100b1f7a86c4d d44eab7849df6f3e7c86fae8336d6f6e1b59d7966f15bf7f4c00226a7e0c54ea8b3c2a1 eac12541c8d79f994d8b2f0bed5017fceab2a7648471be2a02820c0813132cded4cd11c 8a502abf5cea864872f51cd26056a436efde372a7537c5d4ca08b36feac8054f8367f9b 19e36575c3c20367a4ccdc964aebf72450203010001a043301c06092a864886f70d0109 07310f0c0d556f6a733933776b6664304953302306092a864886f70d01090e311630143 0120603551d110101ff040830068704ac1018ee300d06092a864886f70d01010b050003 81810039511b8bb2b1f46cab41aab36268f4f59cc43e7d1009e829237e3fe942cc973b4 36597b6e505d6c4aceb52cc3479c95f7583afe88a7e4b3e7fd1c13d610137e30a7885e1 455fa2d2e71632907bb89cb12f36825d85353fa91b50a34c0ab126a64ea017be656cece 1cc7bc077ab8e4e6ef1b6b3efd5c57e443209d2fa4115654c sscep: hexdump payload 415 sscep: successfully encrypted payload sscep: envelope size: 956 bytes sscep: printing PEM fomatted PKCS#7 -----BEGIN PKCS7----- MIIDu..........NAQcDoIIDqTCCA6UCAQAxggHYMIIB1AIBADCBuzCBpTELMAkG A1UEBhMCU0MxGTAXBgNVBAgTEE1haGUsIFNleWNoZWxsZXMxHDAaBgNVBAoTE1Bv c3RNZXQgQ29ycG9yYXRpb24xGTAXBgNVBAsTEFNTTCBrZXkgZGl2aXNpb24xIDAe BgNVBAMTF1Bvc3RNZXQgUm9vdCBDQSBDbGFzcyAxMSAwHgYJKoZIhvcNAQkBFhFh ZG1pbkBwb3N0bWV0LmNvbQIRE0hlg2RXY0h1Y0doMWQ1h8EwDQYJKoZIhvcNAQEB BQAEggEAgHq5KowCLbOAX/E3YRrheGwmQqHHHCf2mPHEAx835nifRSd1pPbU9587 8zOFihn+BY76caLss0eJyjTmh68mksh9Qzgc8sewyPWWgq2ilnE3eZtiiGpjf6Gj e7AN38gY4y6MU0NU04r/E16tcPAuP+/7mmrr+Lh4PYxSn/LkXFy9GOdnGaTmaphv L0qwxb1pS4OO765cumy5IFyJHAn3O5EyNJYuxNPuoXu8azxACKb19SVnEuay0Z2W L0/WCYMNpN6kdX/1KceTlg6Gu8oxqVwBvHUewLvn91Lyy8d+EgPMJOPTXRnZSC49 U4AUes2yA9Idbt4ZLNNIktdsK6MhgjCCAcIGCSqGSIb3DQEHATARBgUrDgMCBwQI +d5X8SPX45KAggGg1CRRmVhAwHcj2zE7uScsfMUzyDiuw3c7fdy3W653pYswYVel CpqQbK6chMv6ya1OCi3G1dMY3+M1sa21nc30tpAeF1MonFD9YSTuvTJVYHo5gAob mjnhNsYL+7H0VGWiRzmDNG+HzgUzQbrdk5vFd/4Wbc5UMTy++7PdXO8e+e300FTl iM96uijNS6QoZruM8vp2eNn1IymLwFv8xfwibJnzAz0SYXpbRJK9I+39g5rGA1/s uTRAa7W2Bc4lp71ROdsHBH3aJDYkzcrffd9nGy+b5icnRZa2S6TJTOEQkWpQos5k YQMi8+/3Chb8IBeH8HQ6/23PjjqIFVAHxj+pPlpiN4psx/10i9WAHzMBfUnodpPE +yqKLTFmo037A/LNEH4NorN9E/yPDsHVp3gwjMG60cLO9ipQHCMMjpCxQF4jwaTC 5W0fZd8uVZyayBXR0qLKBAhhtz6Y6k3zcXUBNjqKO1tyCUemndxLbuMPBMB1JZ7c Km7TipKk+LCMNBwVbLFIPCGQUchzGnJD+fzaQKLTca9fKieLpca8Ui/Ur8o= -----END PKCS7----- sscep: creating outer PKCS#7 sscep: signature added successfully sscep: adding signed attributes sscep: adding string attribute transId sscep: adding string attribute messageType sscep: adding octet attribute senderNonce sscep: PKCS#7 data written successfully sscep: printing PEM fomatted PKCS#7 -----BEGIN PKCS7----- MIIHc..........NAQcCoIIHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ KoZIhvcNAQcBoIIDwASCA7wwggO4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw ggHUAgEAMIG7MIGlMQswCQYDVQQGEwJTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl bGxlczEcMBoGA1UEChMTUG9zdE1ldCBDb3Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM IGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9zdE1ldCBSb290IENBIENsYXNzIDEx IDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQuY29tAhETSGWDZFdjSHVjR2gx ZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf8TdhGuF4bCZCocccJ/aY 8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaHryaSyH1DOBzyx7DI 9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/7/uaauv4uHg9 jFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0li7E0+6h e7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR7Au+f3 UvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJKoZI hvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xTPI OK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4X UyicUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt zlQxPL77s91c7x757fTQVOWIz3q6KM1LpChmu4zy+nZ42fUjKYvAW/zF/CJsmfMD PRJheltEkr0j7f2DmsYDX+y5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm JydFlrZLpMlM4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc+OOogVUAfGP6k+WmI3 imzH/XSL1YAfMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR ws72KlAcIwyOkLFAXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7 W3IJR6ad3Etu4w8EwHUlntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx r18qJ4ulxrxSL9SvyqCCAccwggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0 RTdFOTUxNTA1OTgzQTE4MTANBgkqhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu MTYuMjQuMjM4MB4XDTE5MDkwOTA3MTIzMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG A1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA sfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39MACJqfgxU6os8Kh6sElQcjXn5 lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQKr9c6oZIcvUc0mBWpDbv3jcq dTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckUCAwEAATANBgkqhkiG9w0B AQQFAAOBgQATop2OWQJzY3Axds0+9PGPAc0xGtlUQ462teCwgkm6bbrBr7eYhQeL gsT07aesE+37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXHglt8nUUESy9ooF490 TZDBIIQ5yBbMk+AYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGyELXxDGCAakwggGl AgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5MThDNTREQjk5 NEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBhvhFAQkC MQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X DTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQw IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG+EUBCQcx IhMgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB BQAEgYBThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu Ax/ohg2CAU8+g+k914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb zMp1TGXlKryeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg== -----END PKCS7----- sscep: applying base64 encoding sscep: base64 encoded payload size: 2588 bytes sscep: scep msg: GET /ca/cgi- bin/pkiclient.exe?operation=PKIOperation&message=MIIHc..........NAQcCoI IHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ%0AKoZIhvcNAQcBoIIDwASCA7wwgg O4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw%0AggHUAgEAMIG7MIGlMQswCQYDVQQGEw JTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl%0AbGxlczEcMBoGA1UEChMTUG9zdE1ldCBDb3 Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM%0AIGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9zdE 1ldCBSb290IENBIENsYXNzIDEx%0AIDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQuY2 9tAhETSGWDZFdjSHVjR2gx%0AZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf8T dhGuF4bCZCocccJ/aY%0A8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaHry aSyH1DOBzyx7DI%0A9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/7/ uaauv4uHg9%0AjFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0li 7E0%2B6h%0Ae7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR7A u%2Bf3%0AUvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJKo ZI%0AhvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xTPI%0 AOK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4X%0AUyi cUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt%0AzlQxPL7 7s91c7x757fTQVOWIz3q6KM1LpChmu4zy%2BnZ42fUjKYvAW/zF/CJsmfMD%0APRJheltEk r0j7f2DmsYDX%2By5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm%0AJydFlrZLpMl M4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc%2BOOogVUAfGP6k%2BWmI3%0AimzH/XSL1YA fMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR%0Aws72KlAcIwyOkLF AXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7%0AW3IJR6ad3Etu4w8EwHU lntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx%0Ar18qJ4ulxrxSL9SvyqCCAcc wggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0%0ARTdFOTUxNTA1OTgzQTE4MTANBgk qhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu%0AMTYuMjQuMjM4MB4XDTE5MDkwOTA3MTI zMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG%0AA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgk qhkiG9w0BAQEFAAOBjQAwgYkCgYEA%0AsfeobE3UTqt4Sd9vPnyG%2BugzbW9uG1nXlm8Vv 39MACJqfgxU6os8Kh6sElQcjXn5%0AlNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQK r9c6oZIcvUc0mBWpDbv3jcq%0AdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckUCA wEAATANBgkqhkiG9w0B%0AAQQFAAOBgQATop2OWQJzY3Axds0%2B9PGPAc0xGtlUQ462teC wgkm6bbrBr7eYhQeL%0AgsT07aesE%2B37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXHgl t8nUUESy9ooF490%0ATZDBIIQ5yBbMk%2BAYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGyEL XxDGCAakwggGl%0AAgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5MTh DNTREQjk5%0ANEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBhvh FAQkC%0AMQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8 X%0ADTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQw%0A IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG%2BEUBCQcx%0AIh MgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB%0ABQAEgY BThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu%0AAx/ohg2CAU 8%2Bg%2Bk914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb%0AzMp1TGXlKr yeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg%3D%3D%0A HTTP/1.0 sscep: server returned status code 500 sscep: mime_err: HTTP/1.1 500 Content-Type: text/html;charset=utf-8 Content-Language: en Content-Length: 3234 Date: Mon, 09 Sep 2019 07:12:32 GMT Connection: close <!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">h1 {font- family:Tahoma,Arial,sans-serif;color:white;background- color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans- serif;color:white;background-color:#525D76;font-size:16px;} h3 {font- family:Tahoma,Arial,sans-serif;color:white;background- color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans- serif;color:black;background-color:white;} b {font- family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font- size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background- color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> Couldn't handle CEP request (PKCSReq) - Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException: com.netscape.cms.servlet.cert.scep.ChallengePassword</p><p><b>Descripti on</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b></p><pre>javax.servlet.ServletException: Couldn't handle CEP request (PKCSReq) - Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException: com.netscape.cms.servlet.cert.scep.ChallengePassword com.netscape.cms.servlet.cert.scep.CRSEnrollment.service(CRSEnr ollment.java:397) javax.servlet.http.HttpServlet.service(HttpServlet.java:741) sun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMetho dAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:498) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.ja va:282) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.ja va:279) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:549) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil. java:314) org.apache.catalina.security.SecurityUtil.doAsPrivilege(Securit yUtil.java:170) java.security.AccessController.doPrivileged(Native Method) org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.j ava:53) sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMetho dAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:498) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.ja va:282) org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.ja va:279) java.security.AccessController.doPrivileged(Native Method) javax.security.auth.Subject.doAsPrivileged(Subject.java:549) org.apache.catalina.security.SecurityUtil.execute(SecurityUtil. java:314) org.apache.catalina.security.SecurityUtil.doAsPrivilege(Securit yUtil.java:253) </pre><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/9.0.21</h3></body></html> sscep: wrong (or missing) MIME content type sscep: error while sending message Why it is trying to unwrap PKCS10 if we are sending PKCS7 ? How it can be fixed ? I am sure you know it. Please help. -- Pavel Ryabih PostMet Corporation http://www.postmet.com Call to sip:[email protected] _______________________________________________ Pki-users mailing list [email protected] https://www.redhat.com/mailman/listinfo/pki-users
