Thanks for your suggestion. I change the value of
auth.instance_id in the caRouterCert profile to be "empty" (i.e. no
value) per your suggestion.
I could verify through the debug file that the CA accepts this
empty value when I run my SCEP test again.
The snippet of the debug file:
no Authenticator Found >> this log suggests that the
changes takes into effect
Despite that no Authenticator is Found, the CA does not put the
request in the agent queue.
The CA issues the SCEP client a certificate.
Now, when I check this particular requests through the CA-agent
web interface; i.e. (List Request, Request Type: Show All Request,
Request Status: Show All Request), I noticed that the request was
Although the CA marks this request as completed, this request
does not show its associated issued certificate, despite of the fact
that the SCEP client is issued a certificate. When I further explore
this "completed request", this is what I got:
Subject Public Key:
Public Key: undefined
Error: certificate not issued
Any idea why the CA behaves this way? Is it expected?
I would like to configure my DCS's SCEP
manual approval, in which the router uses SCEP to submit the request
and the CA agent will manually approve the request and to modify the
request (if needed).
Does anybody has any idea how to configure the DCS CA?
I am thinking to clone the caRouterCert profile. I am not
what to specify to enable agent to approve the incoming request.
Am I in the right direction?
You could try to modify caRouterCert profile by replacing
Adding new profile requires extending profile list in CS.cfg.