Menu
▾
▴
Re: [Ejbca-develop] Interop cmpforopenssl with EJBCA
|
From: Tomas G. <to...@pr...> - 2012-10-10 10:08:26
|
Hi, You need to re-deploy after changing configuration. You also must be more detailed when asking for help. If you are using cmpforopenssl you need to give the command you are using, otherwise you may be using an invalid command and there is no way for anyone to know. Since you are playing around with both RA and Client mode, perhaps you should tell what you actually want to do? Cheers, Tomas ----- PrimeKey Solutions offers commercial EJBCA and SignServer support subscriptions and training courses. Please see www.primekey.se or contact in...@pr... for more information. http://www.primekey.se/Services/Support/ http://www.primekey.se/Services/Training/ On 10/10/2012 05:22 PM, dominic peter wrote: > Hi Anders, > > Thank you very much for the reply. > > *_RA mode:_ > > *I checked by updating the cmp configuration for '*RA*' mode as per the > link that you sent. > But still i am getting the same error. Following is the content of the > cmp.properties file, > > cmp.operationmode=ra > cmp.responseprotection=pbe > cmp.ra.authenticationsecret=password > > Am i missing something here ? Is just updating the configuration file > enough for the configurations to take effect ? > > Also can you please help me understand why i am getting the following > error on the EJBC server, > > *ERROR [CrmfMessageHandler] Could not extract password from CRMF request > using the RegTokenPwd authentication module > * > Is this due to some missing parameters in the 'ir' message sent from > cmpclient ? > > _*Client Mode:*_ > > I also tried by configuring the EJBCA in */client mode/*. In this case, > the 'ir' message exchange was successful. But the 'cr' message exchange > failed. Following was the error message on the EJBCA server, > > *ERROR [CrmfMessageHandler] Could not create CmpPbeVerifyer* > > Any idea what is the reason for this error ? > > Packet captures for both RA and client mode is attached to this mail. > > Also please help me understand the necessary initializations or any > other prerequisites on the cmpclient side if any for interop with EJBCA. > > Regards > Dominic > > On Tue, Oct 9, 2012 at 5:42 PM, ejbca-support <ejb...@pr... > <mailto:ejb...@pr...>> wrote: > > On 2012-10-09 13:59, dominic peter wrote: > > Hi, > > Hi Dominic, > > > > Has anyone tried to interop cmpforopenssl client with EJBCA. > > > Yes, > http://www.ejbca.org/adminguide.html#Interoperability > > > > > I am trying to send an 'ir' request to EJBCA from the > cmpforopenssl client using the following command, > > > > ./cmpclient --server localhost --port 8080 --path > ejbca/publicweb/cmp --srvcert myAdminCA.cacert.pem --ir --user test1 > --password test1 --newclcert test1.pem --newkey test1.key --subject > "C=IN,ST=KAR,L=TEST,O=TEST,OU= > > EN,CN=EETest1" > > > > I am seeing the following error on the EJBCA after sending the > 'ir' request from the client, > > > > 15:40:36,975 ERROR [CrmfMessageHandler] Could not extract > password from CRMF request using the RegTokenPwd authentication module > > 15:40:36,997 INFO [CmpServlet] Sent a CMP response to: > 127.0.0.1, process time 217. > > > > On the cmpclient i am seeing the following error, > > > > INFO: Sending Initialization Request > > ERROR: received no initial Client Certificate. FILE cmpclient.c, > LINE 401 > > 3078551176 <tel:3078551176> <tel:3078551176 > <tel:3078551176>>:error:0D0680A8:asn1 encoding > routines:ASN1_CHECK_TLEN:wrong tag:tasn_dec.c:1319: > > 3078551176 <tel:3078551176> <tel:3078551176 > <tel:3078551176>>:error:0D07803A:asn1 encoding > routines:ASN1_ITEM_EX_D2I:nested asn1 error:tasn_dec.c:381:Type=X509 > > 3078551176 <tel:3078551176>:error:32090087:CMP > routines:CMP_doInitialRequestSeq:pkibody > error:cmp_ses.c:384:bodytype=23, error="PKIStatus: rejection, > PKIFailureInfo: wrongAuthority" > > > > And ideas ? > > Check configuration. > > Cheers, > Anders > tech support > > > > > Thanks in advance. > > > > Regards > > > > > > > ------------------------------------------------------------------------------ > > Don't let slow site performance ruin your business. Deploy New > Relic APM > > Deploy New Relic app performance management and know exactly > > what is happening inside your Ruby, Python, PHP, Java, and .NET app > > Try New Relic at no cost today and get our sweet Data Nerd shirt too! > > http://p.sf.net/sfu/newrelic-dev2dev > > > > > > > > _______________________________________________ > > Ejbca-develop mailing list > > Ejb...@li... > <mailto:Ejb...@li...> > > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > > > > > > > ------------------------------------------------------------------------------ > Don't let slow site performance ruin your business. Deploy New Relic APM > Deploy New Relic app performance management and know exactly > what is happening inside your Ruby, Python, PHP, Java, and .NET app > Try New Relic at no cost today and get our sweet Data Nerd shirt too! > http://p.sf.net/sfu/newrelic-dev2dev > > > > _______________________________________________ > Ejbca-develop mailing list > Ejb...@li... > https://lists.sourceforge.net/lists/listinfo/ejbca-develop > |
