From: Ifyoucan r. <bug...@go...> - 2010-09-09 10:05:10
|
Hi List, i'm running OpenCA (v 1.1.0) with scep service enabled and today the following problem occured: My scep client (sscep) got a valid certificate ( CA signed it with 3 days validity). When i tried to renew the certificate, i got exactly the same certificate as in the first time - same "valid until" time. Is this supposed to be like that? Nevermind, the real problem came when i changed the time settings on my OpenCA Server in order to simulate a renewal of a invalid client certificate. Sscep sends a request and in the OpenCA stderr log i see: "... HTTP_REQUEST_METHOD=GET REMOTE_ADDR=192.168.253.113 REMOTE_PORT=55581 HTTP_CGI_SCRIPT=scep HTTP_FULL_CGI_SCRIPT=scep%3Foperation%3DPKIOperation%3Bmessage%.....(encrypted text)... OPENCA_AC_CHANNEL_SERVER_SOFTWARE=Apache%2F2.2.14%20%28Ubuntu%29 OPENCA_AC_CHANNEL_REMOTE_ADDRESS=192.168.253.113 OPENCA_AC_INTERFACE=scep OpenCA::UI::HTML->new: ignoring wrong parameter SUPPORT_EMAIL OpenCA: General error trapped 700: The compilation of the command cmdScepPKIOperation failed. Can't call method "getPEM" on an undefined value at (eval 198) line 238.<br> Compilation failed in require at /opt/openca/etc/openca/openca_start line 65. " while the client says: "... sscep: server returned status code 200 sscep: MIME header: x-pki-message sscep: valid response from server sscep: reading outer PKCS#7 sscep: PKCS#7 payload size: 4087 bytes sscep: printing PEM fomatted PKCS#7 -----BEGIN PKCS7----- -----END PKCS7----- Segmentation fault " This happens after the scep client did send the request and waited 60sec before polling the server for the signed cert. The Segmentation fault with sscep seems to be due to the empty PKCS7 container and i guess its more like a subsequent error. Any hints? Ramon |