Hi, I am running a new installation of EJBCA, trying to get MobileIron MDM to request a test cert via SCEP. The documentation says that this is supported but I'm running into failures after trying multiple variations of the request. It seems that the error is pointing to BouncyCastle.
I am running EJBCA behind Apache via AJP:8009
ERROR [org.ejbca.core.protocol.scep.ScepRequestMessage] (ajp--127.0.0.1-8009-6) Error in PKCS7:: org.bouncycastle.cms.CMSException: exception unwrapping key: bad padding: unknown block type
Has anyone been able to implement a successful setup with MobileIron on EJBCA 6.2.0?
It's working using Apple iOS/Mac OS X SCEP...
This instance of MobileIron SCEP is also working when requesting from a Microsoft 2012 CA.
Hi, I successfully tested MobileIron with EJBCA if you are using CA mode in EJBCA. If I use RA mode I encounter the same issue as you.
I guess this is a problem of EJBCA, since in RA mode they try to find the correct CA to decrypt the message using the IssuerDN of the PKCS7 request. But if you have a non-self-signed CA to issue the SCEP certificate, the issuer DN in the request leads to the root and not to the CA certificate. Now EJBCA is trying to decrypt the SCEP request with the root key and not with the sub-CA key, which leads to that error.
I will open a bug report for that.
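A toy model of the mismatch described in the reply above, added here as an illustration; it is not EJBCA or BouncyCastle code and not either poster's. The CA store, DNs, serials, lookup function names and the small textbook-RSA keys are all constructed assumptions. It shows why selecting the decryption key by issuer DN alone picks the root key for a sub-CA recipient and ends in a PKCS#1 block-type failure.

```python
# Toy model with constructed values: small textbook RSA, deterministic padding.
E = 65537

def keypair(p, q):
    n = p * q
    return n, pow(E, -1, (p - 1) * (q - 1))

# Mersenne primes keep the toy keys short; real CA keys are far larger.
ROOT = keypair(2**127 - 1, 2**89 - 1)   # (n, d) of the root CA
SUB = keypair(2**107 - 1, 2**61 - 1)    # (n, d) of the issuing sub-CA

# Hypothetical CA store keyed by subject DN; the sub-CA cert is issued by the root.
CAS = {
    "CN=Root CA": {"issuer": "CN=Root CA", "serial": 1, "key": ROOT},
    "CN=Sub CA": {"issuer": "CN=Root CA", "serial": 2, "key": SUB},
}

def pkcs1_wrap(session_key, n):
    """Build a PKCS#1 v1.5 type 2 block (00 02 <nonzero pad> 00 <key>) and encrypt it."""
    k = (n.bit_length() + 7) // 8
    block = b"\x00\x02" + b"\xa5" * (k - 3 - len(session_key)) + b"\x00" + session_key
    return pow(int.from_bytes(block, "big"), E, n)

def pkcs1_unwrap(ct, key):
    """Decrypt and check the block type; a wrong key yields a garbage block."""
    n, d = key
    k = (n.bit_length() + 7) // 8
    block = pow(ct, d, n).to_bytes(k, "big")
    if block[:2] != b"\x00\x02":
        raise ValueError("bad padding: unknown block type")
    return block[block.index(b"\x00", 2) + 1:]

def ca_by_issuer_dn(rid):
    # Lookup as the post describes: the recipient's issuer DN is taken as the CA.
    return CAS[rid["issuer"]]

def ca_by_issuer_and_serial(rid):
    # Match the recipient certificate itself: issuer DN plus serial number.
    return next(c for c in CAS.values()
                if (c["issuer"], c["serial"]) == (rid["issuer"], rid["serial"]))

def scep_request():
    # The client encrypts to the sub-CA cert. The CMS recipient identifier
    # (IssuerAndSerialNumber) carries that cert's issuer, which is the root's DN.
    rid = {"issuer": "CN=Root CA", "serial": 2}
    return rid, pkcs1_wrap(b"SESSKEY!", SUB[0])
```
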