Menu
▾
▴
Re: [Ejbca-develop] HTTP 1.0 fails with Scep request (SOLVED!!)
|
From: Peut K. <pe...@as...> - 2013-10-21 12:20:24
|
Hi Tomas Just to let you know, I finally solved the "apparent" HTTP version problem. I have used Branko Majic's excellent guide to setup EJBCA. He uses CA names with spaces "Example Server CA" in his guide. I created a trustpoint in Cisco with the exact same CA name by using quotes: # crypto pki trustpoint "Example Server CA" # ... # ... # crypto pki authenticate "Example Server CA" However, when Cisco sends the SCEP request to authenticate the CA, the request on the wire is formatted as follows: .../scep/pkiclient.exe?operation=GetCACert&message=Example Server CA HTTP/1.0 Upon which the EJBCA server sends back the reply: HTTP/1.1 505 HTTP Version Not Supported This is because EJBCA interpret the last part of the message as the HTTP protocol definition part: " Server CA HTTP/1.0". I dont' know if it is Cisco who is supposed to insert quotes in names containing spaces, or if it is the java connector the should read everything until it gets to the HTTP part. But my problem is solved, it is due to incompatibility when using CA names containing spaces between EJBCA and Cisco, I hace changed my CA authority names to single names not containing spaces and everything is working fine now. Thank you for your time and effort. Best regards Peut PS. Thanks to Murphy it happens to be that Cisco uses HTTP/1.0 in their requests, throwing me totally off track. |
