Hi, I’m trying to setup a lab with a couple of Cisco routers getting their certificates from OpenXPKI using SCEP. I installed OpenXPKI on an Ubuntu 22.04 server using Docker containers. I used the provided configuration script to setup the initial configuration : “sampleconfig.sh”. The router gets successfully the CA certificate (cn=OpenXPKI Demo Issuing CA 20230515). But when it tries to fetch its own certificate I get the following error message from the SCEP server (scep.log): 2023/05/16 13:41:57 ERR Unable to find signer certificate in enveloped message [pid=77|ep=scep] 2023/05/16 13:41:57 ERR Unable to unwrap message (Error running command: Unable to find signer certificate in enveloped message at /usr/share/perl5/OpenXPKI/Client/Simple.pm line 465. ) [pid=77|ep=scep] 2023/05/16 13:41:57 INF Disconnect client [pid=77|ep=scep] I tried the same process using SSCEP (using the Quickstart Guide at https://openxpki.readthedocs.io/en/latest/quickstart.html). The request is accepted by OpenXPKI but it stays in a pending state (waiting for a manual approval on the WebGUI). I probably need to figured out what are the conditions to meet in the workflow to fully approve a request (challenge password is Ok but signer appears to be “Not trusted and Not authorized”). Any idea why a request from a Cisco router would be refused by OpenXPKI ? Release information from my configuration: Cisco IOS-XE 17.06.05 OpenXPKI v3.24.1 BR, Damien.
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
