Hello everyone,
I've been trying to enroll with dogtag via SSCEP for the last few days to
no avail and I've reached the end of my rope, so I'm reaching out for your
help (which I very much would appreciate).
I am running Ubuntu and my dogtag versions are:
hayg@hayg:~$ dpkg -l | grep dogtag
 ii  dogtag-pki                               10.2.6-1
    all          Dogtag Public Key Infrastructure (PKI) Suite
 ii  dogtag-pki-console-theme                 10.2.6-1
    all          Certificate System - PKI Console User Interface
 ii  dogtag-pki-server-theme                  10.2.6-1
    all          Certificate System - PKI Server User Interface 
My SSCEP:
[~/sscep]$ cat VERSION
 0.6.1 
My flatfile.txt:
hayg@hayg:~$ sudo cat /var/lib/pki/pki-tomcat/conf/ca/flatfile.txt
 #UID:172.16.24.238
 #PWD:1212
 UID:10.129.25.186
 PWD:secret 
(I restarted my pki-tomcatd service just in case, to make sure it took
effect)
On the SSCEP side I'm doing:
./sscep enroll -l cert.pem -r local.csr -k local.key -c astourian.crt -u 'http://hayg.astourian.info:8080/ca/cgi-bin/pkiclient.exe'
This fails because the request is getting deferred and I have fail on defer
set to true, per the docs.
The request actually shows up in 'List Certificates' when I go to the web
UI, but when I try to approve it, I get:
 The Certificate System has encountered an unrecoverable error.
 Error Message:
 *java.lang.NullPointerException*
 Please contact your local administrator for assistance.
When I try to resume the enrollment by adding the -R flag to sscep it fails
with the following error in the logs:
CRSEnrollment: No certificate has been found
My CSR:
[~/sscep]$ openssl req -in local.csr -noout -text
 Certificate Request:
     Data:
         Version: 0 (0x0)
         Subject: CN=10.129.25.186
         Subject Public Key Info:
             Public Key Algorithm: rsaEncryption
                 Public-Key: (1024 bit)
                 Modulus:
                     00:ab:f4:b7:55:bd:26:51:b7:65:b9:51:4e:08:31:
                     83:ef:d6:b7:97:cc:cb:82:4b:a6:3f:be:ac:1c:9a:
                     f5:1e:0d:56:7c:6a:be:d3:49:17:b6:ba:42:05:eb:
                     6c:e2:ff:2b:0f:64:d5:ae:e8:5b:6c:f8:df:74:ef:
                     1f:a1:94:50:4c:35:90:bc:02:2b:2a:e3:80:b6:e1:
                     75:a0:34:4d:74:0b:47:2c:f5:2d:87:2a:72:4a:93:
                     5b:76:a8:cc:96:56:0b:de:62:69:1e:37:30:eb:49:
                     4a:0a:8c:55:c4:0e:a7:9d:95:88:2d:ed:15:19:c6:
                     19:93:02:84:40:09:40:44:b1
                 Exponent: 65537 (0x10001)
         Attributes:
             challengePassword        :secret
         Requested Extensions:
             X509v3 Subject Alternative Name: critical
                 IP Address:10.129.25.186
     Signature Algorithm: sha1WithRSAEncryption
          7e:85:96:60:54:ed:c7:fd:d4:9d:b9:48:4c:d6:5a:2d:b1:62:
          8f:26:58:04:da:f2:6d:cf:c7:59:dc:b5:b2:a9:69:8d:e0:df:
          4d:26:7b:51:3e:d5:f4:90:21:d9:20:69:6f:6f:e1:58:28:90:
          05:a7:38:1b:04:05:e6:84:03:78:95:90:d6:da:0c:56:c1:e9:
          16:d4:01:15:c5:5e:06:3f:44:48:6e:e5:dd:f6:dc:62:0a:f9:
          af:e7:c5:3d:0a:86:b1:99:40:90:ff:30:02:92:91:fb:dd:50:
          f0:df:bf:73:96:6f:04:3e:73:66:02:86:66:a0:00:fa:a7:58:
          ea:ae 
As you can see, the password is "secret" and the CN is the UID from
flatfile.txt.
I welcome you all to try enrolling with my server. I can then try approving
and see if it works.
Again, I very much appreciate all of your help. Please excuse my wall of
text x_x
Thanks,
Hayg
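
Added example, not part of the original post and not Dogtag or SSCEP code: a small offline check that the CN and challengePassword in `openssl req -noout -text` output line up with an active UID/PWD pair in flatfile.txt, as the post describes. The function names are hypothetical; treating lines that start with '#' as inactive and matching CN against UID follow the poster's setup and are assumptions, not documented Dogtag behaviour.

```python
import re

# Constructed sample inputs: values copied from the post above.
FLATFILE = """\
 #UID:172.16.24.238
 #PWD:1212
 UID:10.129.25.186
 PWD:secret
"""
CSR_TEXT = """\
Certificate Request:
        Subject: CN=10.129.25.186
        Attributes:
            challengePassword        :secret
"""

def parse_flatfile(text):
    """Return {uid: pwd}; blank lines and '#' lines are skipped (assumption)."""
    entries, uid = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, _, value = line.partition(":")
        if key == "UID":
            uid = value
        elif key == "PWD" and uid is not None:
            entries[uid] = value
            uid = None
    return entries

def parse_csr_text(text):
    """Extract CN and challengePassword from `openssl req -noout -text` output."""
    def grab(pattern):
        m = re.search(pattern, text, re.MULTILINE)
        return m.group(1).strip() if m else None
    return {"cn": grab(r"Subject:.*?CN\s*=\s*([^,/\n]+)"),
            "challenge": grab(r"challengePassword\s*:(.*)$")}

def preflight(flatfile_text, csr_text):
    """Return a list of mismatches; an empty list means the two agree."""
    entries, csr = parse_flatfile(flatfile_text), parse_csr_text(csr_text)
    if csr["cn"] not in entries:
        return [f"no active UID entry for CN {csr['cn']!r}"]
    if entries[csr["cn"]] != csr["challenge"]:
        return ["challengePassword differs from PWD for that UID"]
    return []

if __name__ == "__main__":
    print(preflight(FLATFILE, CSR_TEXT) or "CSR matches flatfile entry")
```

An empty result only shows that the two files agree with each other; it says nothing about why the CA defers the request or fails on approval.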