I'm making lots of progress, but there seems to be a lack (or at least it's unclear to
me still) in the way to configure SCEP enrollment on the CA.
All the manual references use the RA through:
http://<fqdn>:12888/ee/scep/index.cgi
to configure SCEP.
But in order to get the CA cert and do a SCEP enroll, most examples use:
http://<fqdn>:9080/ca/cgi-bin/pkiclient.exe
Is there something similar to the RA on the CA web GUI to create the SCEP requests?
Lastly, I'm trying to use sscep as follows:
# ./sscep getca -c ca.crt -u http://<fqdn>:9080/ca/cgi-bin/pkiclient.exe
...
./sscep: CA certificate written as ca.crt
# ./sscep enroll -c ca.crt -k local.key -r local.csr -l cert.crt -u http://<fqdn>:9080/ca/cgi-bin/pkiclient.exe
But all that is returned is:
./sscep: sending certificate request
./sscep: valid response from server
./sscep: pkistatus: FAILURE
./sscep: reason: Transaction not permitted or supported
Any helpful logs would be appreciated, but my guess is that I'm overlooking a web GUI
somewhere off port 9080. Is there something in the CA or RA that could help identify a
more specific FAILURE reason?