Re: R: [Openca-Users] SCEP command line client problems (sscep, scepclient)

[Martin B. <vc...@cy...>]

Hi Paolo,

> I can assure you that autosscep works correctly with openca.
> We use it routinely with at least 30 connections.
> The code from sscep has been fixed within.
> But of course my comment could be biased.

I just checked out autosscep but did not have much luck with it,
either. I get the same SIGSEGV like in sscep.

My client is using openssl 0.9.7d.

Any ideas?

BTW: Merry Christmas to all users on the list!

Martin

-------------

Configuration file:
-------

# Empty AutoSscep configuration file
# just fill the value!!
### General option

# The directory that contains certificates
CertDir =3D "/home/martin/stuff/src/autoSscep-0.9.28b/tmp/certs"

# The directory that contains the private keys
KeyDir =3D "/home/martin/stuff/src/autoSscep-0.9.28b/tmp/private"

# The number of expiration days before start enroll
DaysBeforeExpire =3D "2"

# The directory that contains the CA's certificates
CADir =3D "/home/martin/stuff/src/autoSscep-0.9.28b/tmp/"

# The bits for the modules
KeyBits =3D "1024"

# Signature algorithm (md5 or sha1)
SigAlgo =3D "sha1"

### Info e debug option
# Possible values: yes or no.
Verbose =3D "yes"
Debug =3D "yes"

ECommand =3D""



### CAs' data
# Define the CAs data
# Encryption algorithm: des, 3des or blowfish. Default: des

[CA]
DN =3D "xxxxx TLS CA 3"
URL =3D "http://xxxxx/cgi-bin/scep/scep"
CertFile =3D "cacert-1"
EncCertFile =3D "cacert-0"
EncAlgo =3D ""
VHost =3D ""
[/CA]

[Certificate]
CertFile =3D "/home/martin/stuff/src/autoSscep-0.9.28b/tmp/newcert"
KeyFile =3D "/home/martin/stuff/src/autoSscep-0.9.28b/tmp/private/key"

# cert's CA Data
    CADN =3D "xxxxx TLS CA 3"

# DN Data
Email =3D ""
Country =3D ""
State =3D ""
Location =3D ""
Organization =3D ""
OrgUnit =3D ""
CommonName =3D "example123.xxxxx.com:1234"

[X509v3EXT]
key_usage =3D ""
subject_alt_name =3D "DNS:example123.xxxxx.com"
basic_constraints =3D ""
netscape_cert_type =3D ""
extended_key_usage =3D ""
netscape_comment =3D ""
[/X509v3EXT]

ReqCommand =3D ""
[/Certificate]
--------

Output:

../autosscep: Reading config file
        host: xxxxx.10.146
        port: 80
        dir: /cgi-bin/scep/scep
../autosscep: CA cacert-1 error - unsupported algorithm: '', using DES
../autosscep: File '/home/martin/stuff/src/autoSscep-0.9.28b/tmp/cacert-1=
'
opened
../autosscep: File '/home/martin/stuff/src/autoSscep-0.9.28b/tmp/cacert-0=
'
opened
../autosscep: cannot open local file:
'/home/martin/stuff/src/autoSscep-0.9.28b/tmp/certs/home/martin/stuff/src=
/autoSscep-0.9.28b/tmp/newcert'
../autosscep: Checking config file values
../autosscep: Signature algorithm specified: sha1
../autosscep: starting autoscep, version 0.9.28b  20 September 2004
../autosscep: Checking certificate -- >
/home/martin/stuff/src/autoSscep-0.9.28b/tmp/newcert
../autosscep: Certificate
/home/martin/stuff/src/autoSscep-0.9.28b/tmp/newcert is going to expire
(or is missing)
../autosscep: Looking for the CA data
../autosscep: CA founded!!
../autosscep: Starting certificate enrollment for -- >
/home/martin/stuff/src/autoSscep-0.9.28b/tmp/newcert
../autosscep: New request
../autosscep: cannot open file for writing
../autosscep: ERROR ON WRITING PRIVATE KEY, copy it from here
-----BEGIN RSA PRIVATE KEY-----
MIICXAIBAAKBgQCdIOS3JMPnU3p076Mp6HLeeuD5ebi7kyZNBkAPkzXFSZh68YXP
[...]
5xwZgblJsss+syQsxUxJdo33E0lDvz47myR/g67h4lM=3D
-----END RSA PRIVATE KEY-----
../autosscep: Creating request FROM CONFIG FILE DATA data for
'/home/martin/stuff/src/autoSscep-0.9.28b/tmp/newcert'
../autosscep: cannot open file for writing
../autosscep: generating selfsigned certificate
../autosscep: sending certificate request
../autosscep: transaction_ID =3D 207856E7BCE77DCD8FF21E99C13EBAE0
../autosscep: creating inner PKCS#7
../autosscep: data payload size: 421 bytes
Segmentation fault