During the SCEP test, I looked into various information generated by the CA in processing a SCEP request. However, I noticed that the information obtained through the "list request" was not consistent with the information obtained from the "list certificate." According to the "list request" my SCEP request encountered an error and the certificate was not issued. However, in the "List Certificate", this SCEP request was successfully processed and resulted in the issuance of a certificate. Likewise, at the SCEP client, the SCEP client also successfully obtained the certificate.

2. Logging in as an RA, I approved the PIN request, the output of this approval is a PIN which I distributed it to the SCEP client using out of band method.

4. Using the mkrequest -ip 10.8.122.131 [PIN], I created the CSR. I could see that the PIN is included in the CSR as the challenge-password attribute

5. Assuming I have successfully obtained the CA certificate, using the sscep enroll -c ca.crt -k local.key -r local.csr -l local.crt -u http://ra.fqdn:12888/ee/scep/pkiclient.cgi, I started SCEP enrollment

After the CA has successfully issued this certificate to my SCEP client, I checked the CA "list requests" and "list certificates" pages.

At the "list request" page, I filtered for all type of request and all status of requests. The output of this query is formatted into three colums; "status", "assigned to", and "subject."

My SCEP client request has "status=completed". The assigned to and subject are empty. Further opening this record, the CA indicates that there is an error; i.e. the issued certificate section contained: "Error Certificate Not Issued"

When I opened the "list certificates" and searched for the SCEP client certificate, the SCEP client certificate was there with status "valid"