Hi Trevor,
I'll need a bit of clarification and some info...
On 01/31/2018 10:52 AM, Trevor Vaughan wrote:
So, the scep client has issue receiving the scep response from the server? And you have determined that the response is indeed a signed certificate (like, not error response)?Unfortunately, there is an issue with receiving the signed certificate and I've been unable to figure out how to successfully debug the issue.I am attempting to register with a subordinate CA that has a KRA set up and will successfully sign certificate requests from certmonger.Hi All,I've hit a bit of a roadblock with debugging SCEP enrollment from certmonger to Dogtag and I'm hoping that someone can help.
The error that is returned is "Error: failed to verify signature on server response." and is triggered from https://pagure.io/certmonger/
blob/master/f/src/pkcs7.c#_ .1065
Is your scep client trusting the subordinate ca's scep signing cert?
I've tried dumping the p7 data but, from what I can tell, the response is empty in that block of code and I'm not quite sure where to go from there.
Wait, so the received response is empty?
If the scep response from the subCA is not empty, could you show the Base64 encoded response and maybe I can take a look?
Also, if you could attach relevant portion of the sub-CA's debug log it might be helpful.
TrevorThanks,Any assistance is appreciated.
--
Trevor Vaughan
Vice President, Onyx Point, Inc
-- This account not approved for unencrypted proprietary information --
_______________________________________________ Pki-devel mailing list Pki-devel@redhat.com https://www.redhat.com/ mailman/listinfo/pki-devel
_______________________________________________
Pki-devel mailing list
Pki-devel@redhat.com
https://www.redhat.com/mailman/listinfo/pki-devel