Re: [Pki-users] No SCEP Enrollment option in the SSL End Users Services page

>From: Marc Sauton <msauton(a)redhat.com&gt; >Sent: Apr 20, 2009 1:31 PM >To: Fortunato <fortunato.montresor(a)earthlink.net&gt; >Cc: pki-users(a)redhat.com >Subject: Re: [Pki-users] No SCEP Enrollment option in the SSL End Users Services page > >Fortunato wrote: >> Hello list, >> >> I don't know exactly where the differences are between Dogtag 1.1.0 and the documentation (currently 7.3) >Dogtag 1.1.0 is the open source development project of the released >commercial product RHCS 7.3. >One way to get an idea of the changes, is to go through the archive lists: >https://www.redhat.com/mailman/private/pki-commits/ I'm not a big coder, so going thru the commits is kind of torturous for me. :( But I subscribed to pki-commits list and will try. Part of my interest revolves around the IPv6 configuration, on which the documentation is rather scarce. I'd like to get the cert manager to listen on IPv6 addresses. LDAP is listening on localhost6, but how about the other CA services? # netstat -tlpn Active Internet connections (only servers) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:9443 0.0.0.0:* LISTEN 3411/java tcp 0 0 0.0.0.0:9444 0.0.0.0:* LISTEN 3411/java tcp 0 0 0.0.0.0:9445 0.0.0.0:* LISTEN 3411/java tcp 0 0 0.0.0.0:9830 0.0.0.0:* LISTEN 2452/httpd.worker tcp 0 0 0.0.0.0:111 0.0.0.0:* LISTEN 2017/rpcbind tcp 0 0 0.0.0.0:11443 0.0.0.0:* LISTEN 4025/java tcp 0 0 0.0.0.0:11444 0.0.0.0:* LISTEN 4025/java tcp 0 0 0.0.0.0:11445 0.0.0.0:* LISTEN 4025/java tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 2766/sshd tcp 0 0 0.0.0.0:33558 0.0.0.0:* LISTEN 2030/rpc.statd tcp 0 0 0.0.0.0:12888 0.0.0.0:* LISTEN 4445/httpd.worker tcp 0 0 0.0.0.0:12889 0.0.0.0:* LISTEN 4445/httpd.worker tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 2800/sendmail: acce tcp 0 0 0.0.0.0:12890 0.0.0.0:* LISTEN 4445/httpd.worker tcp 0 0 ::ffff:127.0.0.1:9701 :::* LISTEN 3411/java tcp 0 0 :::389 :::* LISTEN 2350/ns-slapd tcp 0 0 :::11180 :::* LISTEN 4025/java tcp 0 0 :::111 :::* LISTEN 2017/rpcbind tcp 0 0 ::ffff:127.0.0.1:11701 :::* LISTEN 4025/java tcp 0 0 :::22 :::* LISTEN 2766/sshd tcp 0 0 :::9180 :::* LISTEN 3411/java >> , but under SSL End Users Services there's no SCEP Enrollment option. >In the RA's "SSL End Users Services" page, there should be a "SCEP >Enrollment" link, url looks like this: >https://<fqdn:port>/ee/index.cgi (default port 12899) >Also by default, a CA EE enrollment pages and "List Certificate >Profiles" will list the caRouterCert and caRARouterCert profiles. >** I was looking at the wrong http[s]:://<fqdn:port> I have the SCEP web gui now under: https://<fqdn>:12889/ee/scep/index.cgi >> Am I missing an option/config? >Should not, seem quite strange if you do not see those. >> pki-ra 1.1.0 is installed. >> >ok, so you want to use SCEP with a RA. Maybe a better description on the CA SCEP versus RA SCEP would be helpfull? I'll try to comment on the document soon. >> There are what appear to be 3 tabs: Enrollment, Revocation and Retrieval - under the ca pkiconsole. >> >Those are for SSL sub system certificates. >> Do any of the listed Certificate Profiles match to what the manual refers to as SCEP Enrollment and the Request Submission - Manager? >> >The Request Submission is to get the one time pin for the device. >The SCEP Enrollment page shows the link to configure on the device. >Those 2 are listed in the "EE" pages on the RA instance. >See the profiles like in the directory >/var/lib/rhpki-<ca-instance-id>/profiles/ca/caRA* >Specially caRARouterCert profile on the CA instance (caRouterCert s for >CA mode). >Some pointers: >http://www.redhat.com/docs/manuals/cert-system/7.3/html/Administration_Guide/Administration_Guide-Registration_Authority-Working_With_the_Registration_Authority.html SCEP screenshots would help. The different ports available for all CM services makes things confusing. >http://pki.fedoraproject.org/wiki/PKI_SCEP_Support_In_Certificate_System >http://pki.fedoraproject.org/wiki/PKI_Cisco_Routers_%28IOS%29 Are there any easily available SCEP clients out there?

>> Regards, >> >> _______________________________________________ >> Pki-users mailing list >> Pki-users(a)redhat.com >> https://www.redhat.com/mailman/listinfo/pki-users >> > > _______________________________________________ Pki-users mailing list Pki-users(a)redhat.com https://www.redhat.com/mailman/listinfo/pki-users