From cfu at redhat.com  Tue Sep  3 15:54:40 2019
From: cfu at redhat.com (Christina Fu)
Date: Tue, 3 Sep 2019 08:54:40 -0700
Subject: [Pki-users] Installation failed: import_pkcs7
In-Reply-To: <12090714d87513f7dd718e18ae10ca3e2a591f09.camel@postmet.com>
References: <12090714d87513f7dd718e18ae10ca3e2a591f09.camel@postmet.com>
Message-ID: <CAM0Z3Sa2JmO0QfY=LpNpr9K_sX-Ngve03fUV9y6qt2YDOeMZnA@mail.gmail.com>

Hi,
Could you provide the following information?

   - platform and Dogtag version
   - debug log (can be found in /var/lib/pki/pki-tomcat/ca/logs/debug)

thanks,
Christina

On Mon, Aug 19, 2019 at 6:27 AM Pavel Ryabikh <pr at postmet.com> wrote:

> Hello dear Dogtag PKI users!
>
>
> I am trying to install the system already for some days - it fails:
>
> There is a description:
> [root at ca ~]# pkispawn -f ca-external-step2.cfg -s CA
> Installation log: /var/log/pki/pki-ca-spawn.20190819144510.log
> Loading deployment configuration from ca-external-step2.cfg.
> Installing CA into /var/lib/pki/pki-tomcat.
> ParsingException: IOException: Sequence tag error 9
> ERROR   : pkispawn       CalledProcessError: Command '['pki', '-d',
> '/var/lib/pki/pki-tomcat/alias', 'pkcs7-cert-export', '--pkcs7-file',
> '/tmp/tmpgx3puk6p/cert_chain.p7b', '--output-prefix',
> '/tmp/tmptc7rw5h0/cert', '--output-suffix', '.crt']' returned non-zero
> exit status 255.
>   File "/usr/lib/python3.7/site-packages/pki/server/pkispawn.py", line
> 546, in main
>     scriptlet.spawn(deployer)
>   File "/usr/lib/python3.7/site-
> packages/pki/server/deployment/scriptlets/configuration.py", line 643,
> in spawn
>     self.import_system_certs(deployer, nssdb, subsystem)
>   File "/usr/lib/python3.7/site-
> packages/pki/server/deployment/scriptlets/configuration.py", line 199,
> in import_system_certs
>     self.import_system_cert(deployer, nssdb, subsystem, 'signing',
> 'CT,C,C')
>   File "/usr/lib/python3.7/site-
> packages/pki/server/deployment/scriptlets/configuration.py", line 144,
> in import_system_cert
>     trust_attributes=trust_attributes)
>   File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1295, in
> import_cert_chain
>     trust_attributes=trust_attributes)
>   File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1327, in
> import_pkcs7
>     subprocess.check_call(cmd)
>   File "/usr/lib64/python3.7/subprocess.py", line 347, in check_call
>     raise CalledProcessError(retcode, cmd)
>
>
> Installation failed: Command failed: pki -d /var/lib/pki/pki-
> tomcat/alias pkcs7-cert-export --pkcs7-file
> /tmp/tmpgx3puk6p/cert_chain.p7b --output-prefix /tmp/tmptc7rw5h0/cert
> --output-suffix .crt
>
> Please check pkispawn logs in /var/log/pki/pki-ca-
> spawn.20190819144510.log
>
>
> And these are configs:
> STEP1:
> [DEFAULT]
> pki_server_database_password=121212
>
> [CA]
> pki_admin_email=admin at postmet.com
> pki_admin_name=caadmin
> pki_admin_nickname=caadmin
> pki_admin_password=121212
> pki_admin_uid=caadmin
>
> pki_client_database_password=121212
> pki_client_database_purge=False
> pki_client_pkcs12_password=121212
>
> pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com
> pki_ds_database=ca
> pki_ds_password=121212
>
> pki_security_domain_name=lvm.postmet.com Security Domain
>
> pki_ca_signing_nickname=ca_signing
> pki_ocsp_signing_nickname=ca_ocsp_signing
> pki_audit_signing_nickname=ca_audit_signing
> pki_sslserver_nickname=sslserver
> pki_subsystem_nickname=subsystem
>
> pki_external=True
> pki_external_step_two=False
>
> pki_ca_signing_csr_path=ca_signing.csr
>
> STEP2:
> [DEFAULT]
> pki_instance_name = pki-tomcat
> pki_admin_password = 121212
> pki_backup_password = 121212
> pki_client_database_password = 121212
> pki_client_pin = 121212
> pki_client_pkcs12_password = 121212
> pki_clone_pkcs12_password = 121212
> pki_ds_password = 121212
> pki_external_pkcs12_password = 121212
> pki_pkcs12_password = 121212
> pki_replication_password = 121212
> pki_security_domain_password = 121212
> pki_server_database_password = 121212
> pki_server_pkcs12_password = 121212
> pki_token_password = 121212
>
> [CA]
> pki_admin_email=admin at postmet.com
> pki_admin_name=caadmin
> pki_admin_nickname=caadmin
> pki_admin_password=121212
> pki_admin_uid=caadmin
>
> pki_client_database_password=121212
> pki_client_database_purge=False
> pki_client_pkcs12_password=121212
>
> pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com
> pki_ds_database=ca
> pki_ds_password=121212
>
> pki_security_domain_name=lvm.postmet.com Security Domain
>
> pki_ca_signing_nickname=ca_signing
> pki_ocsp_signing_nickname=ca_ocsp_signing
> pki_audit_signing_nickname=ca_audit_signing
> pki_sslserver_nickname=sslserver
> pki_subsystem_nickname=subsystem
>
> pki_external=True
> pki_external_step_two=True
>
> pki_ca_signing_csr_path=ca_signing.csr
>
> pki_ca_signing_cert_path=ca_signing.crt
> pki_cert_chain_nickname=external
> pki_cert_chain_path=cert_chain.p7b
>
> pki_import_admin_cert = False
> pki_client_admin_cert = ca_admin.cert
> pki_admin_subject_dn=cn=PKI
> Administrator,o=%(pki_security_domain_name)s
>
>
>
> Please help
>
> --
> Pavel Ryabih
>
> PostMet Corporation
> http://www.postmet.com
>
> Call to sip:pr at postmet.com
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20190903/7c264ee1/attachment.htm>

From pr at postmet.com  Wed Sep  4 06:24:00 2019
From: pr at postmet.com (Pavel Ryabikh)
Date: Wed, 04 Sep 2019 09:24:00 +0300
Subject: [Pki-users] Installation failed: import_pkcs7
In-Reply-To: <CAM0Z3Sa2JmO0QfY=LpNpr9K_sX-Ngve03fUV9y6qt2YDOeMZnA@mail.gmail.com>
References: <12090714d87513f7dd718e18ae10ca3e2a591f09.camel@postmet.com>
	<CAM0Z3Sa2JmO0QfY=LpNpr9K_sX-Ngve03fUV9y6qt2YDOeMZnA@mail.gmail.com>
Message-ID: <6b87c54f590bb92f4c7508fab10f2a7cf821ec06.camel@postmet.com>

Thank you, Cristina, for trying to help.
I have sorted out an issue - it was incorrect certificate format.

Thanks again.

On Tue, 2019-09-03 at 08:54 -0700, Christina Fu wrote:
> Hi,
> Could you provide the following information?
> platform and Dogtag version
> debug log (can be found in /var/lib/pki/pki-tomcat/ca/logs/debug)
> thanks,
> Christina
> 
> On Mon, Aug 19, 2019 at 6:27 AM Pavel Ryabikh <pr at postmet.com> wrote:
> > Hello dear Dogtag PKI users!
> > 
> > 
> > I am trying to install the system already for some days - it fails:
> > 
> > There is a description:
> > [root at ca ~]# pkispawn -f ca-external-step2.cfg -s CA
> > Installation log: /var/log/pki/pki-ca-spawn.20190819144510.log
> > Loading deployment configuration from ca-external-step2.cfg.
> > Installing CA into /var/lib/pki/pki-tomcat.
> > ParsingException: IOException: Sequence tag error 9
> > ERROR   : pkispawn       CalledProcessError: Command '['pki', '-d',
> > '/var/lib/pki/pki-tomcat/alias', 'pkcs7-cert-export', '--pkcs7-
> > file',
> > '/tmp/tmpgx3puk6p/cert_chain.p7b', '--output-prefix',
> > '/tmp/tmptc7rw5h0/cert', '--output-suffix', '.crt']' returned non-
> > zero
> > exit status 255.
> >   File "/usr/lib/python3.7/site-packages/pki/server/pkispawn.py",
> > line
> > 546, in main
> >     scriptlet.spawn(deployer)
> >   File "/usr/lib/python3.7/site-
> > packages/pki/server/deployment/scriptlets/configuration.py", line
> > 643,
> > in spawn
> >     self.import_system_certs(deployer, nssdb, subsystem)
> >   File "/usr/lib/python3.7/site-
> > packages/pki/server/deployment/scriptlets/configuration.py", line
> > 199,
> > in import_system_certs
> >     self.import_system_cert(deployer, nssdb, subsystem, 'signing',
> > 'CT,C,C')
> >   File "/usr/lib/python3.7/site-
> > packages/pki/server/deployment/scriptlets/configuration.py", line
> > 144,
> > in import_system_cert
> >     trust_attributes=trust_attributes)
> >   File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1295,
> > in
> > import_cert_chain
> >     trust_attributes=trust_attributes)
> >   File "/usr/lib/python3.7/site-packages/pki/nssdb.py", line 1327,
> > in
> > import_pkcs7
> >     subprocess.check_call(cmd)
> >   File "/usr/lib64/python3.7/subprocess.py", line 347, in
> > check_call
> >     raise CalledProcessError(retcode, cmd)
> > 
> > 
> > Installation failed: Command failed: pki -d /var/lib/pki/pki-
> > tomcat/alias pkcs7-cert-export --pkcs7-file
> > /tmp/tmpgx3puk6p/cert_chain.p7b --output-prefix
> > /tmp/tmptc7rw5h0/cert
> > --output-suffix .crt
> > 
> > Please check pkispawn logs in /var/log/pki/pki-ca-
> > spawn.20190819144510.log
> > 
> > 
> > And these are configs:
> > STEP1:
> > [DEFAULT]
> > pki_server_database_password=121212
> > 
> > [CA]
> > pki_admin_email=admin at postmet.com
> > pki_admin_name=caadmin
> > pki_admin_nickname=caadmin
> > pki_admin_password=121212
> > pki_admin_uid=caadmin
> > 
> > pki_client_database_password=121212
> > pki_client_database_purge=False
> > pki_client_pkcs12_password=121212
> > 
> > pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com
> > pki_ds_database=ca
> > pki_ds_password=121212
> > 
> > pki_security_domain_name=lvm.postmet.com Security Domain
> > 
> > pki_ca_signing_nickname=ca_signing
> > pki_ocsp_signing_nickname=ca_ocsp_signing
> > pki_audit_signing_nickname=ca_audit_signing
> > pki_sslserver_nickname=sslserver
> > pki_subsystem_nickname=subsystem
> > 
> > pki_external=True
> > pki_external_step_two=False
> > 
> > pki_ca_signing_csr_path=ca_signing.csr
> > 
> > STEP2:
> > [DEFAULT]
> > pki_instance_name = pki-tomcat
> > pki_admin_password = 121212
> > pki_backup_password = 121212
> > pki_client_database_password = 121212
> > pki_client_pin = 121212
> > pki_client_pkcs12_password = 121212
> > pki_clone_pkcs12_password = 121212
> > pki_ds_password = 121212
> > pki_external_pkcs12_password = 121212
> > pki_pkcs12_password = 121212
> > pki_replication_password = 121212
> > pki_security_domain_password = 121212
> > pki_server_database_password = 121212
> > pki_server_pkcs12_password = 121212
> > pki_token_password = 121212
> > 
> > [CA]
> > pki_admin_email=admin at postmet.com
> > pki_admin_name=caadmin
> > pki_admin_nickname=caadmin
> > pki_admin_password=121212
> > pki_admin_uid=caadmin
> > 
> > pki_client_database_password=121212
> > pki_client_database_purge=False
> > pki_client_pkcs12_password=121212
> > 
> > pki_ds_base_dn=dc=ca,dc=lvm,dc=postmet,dc=com
> > pki_ds_database=ca
> > pki_ds_password=121212
> > 
> > pki_security_domain_name=lvm.postmet.com Security Domain
> > 
> > pki_ca_signing_nickname=ca_signing
> > pki_ocsp_signing_nickname=ca_ocsp_signing
> > pki_audit_signing_nickname=ca_audit_signing
> > pki_sslserver_nickname=sslserver
> > pki_subsystem_nickname=subsystem
> > 
> > pki_external=True
> > pki_external_step_two=True
> > 
> > pki_ca_signing_csr_path=ca_signing.csr
> > 
> > pki_ca_signing_cert_path=ca_signing.crt
> > pki_cert_chain_nickname=external
> > pki_cert_chain_path=cert_chain.p7b
> > 
> > pki_import_admin_cert = False
> > pki_client_admin_cert = ca_admin.cert
> > pki_admin_subject_dn=cn=PKI
> > Administrator,o=%(pki_security_domain_name)s
> > 
> > 
> > 
> > Please help
> > 
-- 
Pavel Ryabih

PostMet Corporation
http://www.postmet.com 

Call to sip:pr at postmet.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3869 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-users/attachments/20190904/973965b9/attachment.bin>

From pr at postmet.com  Mon Sep  9 07:32:01 2019
From: pr at postmet.com (Pavel Ryabikh)
Date: Mon, 09 Sep 2019 10:32:01 +0300
Subject: [Pki-users] sscep enroll error
Message-ID: <4aaa38b598ca9529d5061f0dd2686cbdd7f47451.camel@postmet.com>

Hello dear PKI-users!

Our pki system version is:
Fedora 29. 
pki-server-10.8.0-0.1.fc30.noarch

We are configured SCEP following:
https://www.dogtagpki.org/wiki/SCEP_Setup

CS.cfg:
...
ca.scep.allowedEncryptionAlgorithms=DES,DES3
ca.scep.allowedHashAlgorithms=MD5,SHA1,SHA256,SHA512
ca.scep.enable=true
ca.scep.encryptionAlgorithm=DES
ca.scep.hashAlgorithm=MD5
ca.scep.nonceSizeLimit=16
...

we also
- installed SSCEP client
- generated CA certificate
$ sscep getca -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c ca.crt
it is checked by
$ openssl x509 -in ca.crt -text
and it is correct
- generated CSR request and a key
$ /usr/bin/mkrequest -ip 172.16.24.238 Uojs93wkfd0IS

and when trying to test enroll we are getting the followng error:
(Could not unwrap PKCS10 blob: java.security.cert.CertificateException:
Error instantiating class for challenge_password
java.lang.ClassNotFoundException): 

# sscep enroll -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c
ca.crt -k local.key -r local.csr -l cert.crt -d

sscep: starting sscep, version 0.6.1
sscep: new transaction
sscep: transaction id: D41D8CD98F00B204E9800998ECF8427E
sscep: hostname: ca.lvm.postmet.com
sscep: directory: ca/cgi-bin/pkiclient.exe
sscep: port: 8080
sscep:  Read request with transaction id:
9A6C3918C54DB994E7E951505983A181
sscep: generating selfsigned certificate
sscep: SCEP_OPERATION_ENROLL
sscep: sending certificate request
sscep: creating inner PKCS#7
sscep: inner PKCS#7 in mem BIO 
sscep: request data dump 
-----BEGIN CERTIFICATE REQUEST-----
MIIBmz..........GDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG
9w0BAQEFAAOBjQAwgYkCgYEAsfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39M
ACJqfgxU6os8Kh6sElQcjXn5lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQ
Kr9c6oZIcvUc0mBWpDbv3jcqdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/
ckUCAwEAAaBDMBwGCSqGSIb3DQEJBzEPDA1Vb2pzOTN3a2ZkMElTMCMGCSqGSIb3
DQEJDjEWMBQwEgYDVR0RAQH/BAgwBocErBAY7jANBgkqhkiG9w0BAQsFAAOBgQA5
URuLsrH0bKtBqrNiaPT1nMQ+fRAJ6Ckjfj/pQsyXO0Nll7blBdbErOtSzDR5yV91
g6/oin5LPn/RwT1hATfjCniF4UVfotLnFjKQe7icsS82gl2FNT+pG1CjTAqxJqZO
oBe+ZWzs4cx7wHerjk5u8baz79XFfkQyCdL6QRVlTA==
-----END CERTIFICATE REQUEST-----
sscep: data payload size: 415 bytes

 sscep: hexdump request payload 
3082019b3082010402010030183116301406035504030c0d3137322e31362e32342e323
33830819f300d06092a864886f70d010101050003818d0030818902818100b1f7a86c4d
d44eab7849df6f3e7c86fae8336d6f6e1b59d7966f15bf7f4c00226a7e0c54ea8b3c2a1
eac12541c8d79f994d8b2f0bed5017fceab2a7648471be2a02820c0813132cded4cd11c
8a502abf5cea864872f51cd26056a436efde372a7537c5d4ca08b36feac8054f8367f9b
19e36575c3c20367a4ccdc964aebf72450203010001a043301c06092a864886f70d0109
07310f0c0d556f6a733933776b6664304953302306092a864886f70d01090e311630143
0120603551d110101ff040830068704ac1018ee300d06092a864886f70d01010b050003
81810039511b8bb2b1f46cab41aab36268f4f59cc43e7d1009e829237e3fe942cc973b4
36597b6e505d6c4aceb52cc3479c95f7583afe88a7e4b3e7fd1c13d610137e30a7885e1
455fa2d2e71632907bb89cb12f36825d85353fa91b50a34c0ab126a64ea017be656cece
1cc7bc077ab8e4e6ef1b6b3efd5c57e443209d2fa4115654c
 sscep: hexdump payload 415 
sscep: successfully encrypted payload
sscep: envelope size: 956 bytes
sscep: printing PEM fomatted PKCS#7
-----BEGIN PKCS7-----
MIIDu..........NAQcDoIIDqTCCA6UCAQAxggHYMIIB1AIBADCBuzCBpTELMAkG
A1UEBhMCU0MxGTAXBgNVBAgTEE1haGUsIFNleWNoZWxsZXMxHDAaBgNVBAoTE1Bv
c3RNZXQgQ29ycG9yYXRpb24xGTAXBgNVBAsTEFNTTCBrZXkgZGl2aXNpb24xIDAe
BgNVBAMTF1Bvc3RNZXQgUm9vdCBDQSBDbGFzcyAxMSAwHgYJKoZIhvcNAQkBFhFh
ZG1pbkBwb3N0bWV0LmNvbQIRE0hlg2RXY0h1Y0doMWQ1h8EwDQYJKoZIhvcNAQEB
BQAEggEAgHq5KowCLbOAX/E3YRrheGwmQqHHHCf2mPHEAx835nifRSd1pPbU9587
8zOFihn+BY76caLss0eJyjTmh68mksh9Qzgc8sewyPWWgq2ilnE3eZtiiGpjf6Gj
e7AN38gY4y6MU0NU04r/E16tcPAuP+/7mmrr+Lh4PYxSn/LkXFy9GOdnGaTmaphv
L0qwxb1pS4OO765cumy5IFyJHAn3O5EyNJYuxNPuoXu8azxACKb19SVnEuay0Z2W
L0/WCYMNpN6kdX/1KceTlg6Gu8oxqVwBvHUewLvn91Lyy8d+EgPMJOPTXRnZSC49
U4AUes2yA9Idbt4ZLNNIktdsK6MhgjCCAcIGCSqGSIb3DQEHATARBgUrDgMCBwQI
+d5X8SPX45KAggGg1CRRmVhAwHcj2zE7uScsfMUzyDiuw3c7fdy3W653pYswYVel
CpqQbK6chMv6ya1OCi3G1dMY3+M1sa21nc30tpAeF1MonFD9YSTuvTJVYHo5gAob
mjnhNsYL+7H0VGWiRzmDNG+HzgUzQbrdk5vFd/4Wbc5UMTy++7PdXO8e+e300FTl
iM96uijNS6QoZruM8vp2eNn1IymLwFv8xfwibJnzAz0SYXpbRJK9I+39g5rGA1/s
uTRAa7W2Bc4lp71ROdsHBH3aJDYkzcrffd9nGy+b5icnRZa2S6TJTOEQkWpQos5k
YQMi8+/3Chb8IBeH8HQ6/23PjjqIFVAHxj+pPlpiN4psx/10i9WAHzMBfUnodpPE
+yqKLTFmo037A/LNEH4NorN9E/yPDsHVp3gwjMG60cLO9ipQHCMMjpCxQF4jwaTC
5W0fZd8uVZyayBXR0qLKBAhhtz6Y6k3zcXUBNjqKO1tyCUemndxLbuMPBMB1JZ7c
Km7TipKk+LCMNBwVbLFIPCGQUchzGnJD+fzaQKLTca9fKieLpca8Ui/Ur8o=
-----END PKCS7-----
sscep: creating outer PKCS#7
sscep: signature added successfully
sscep: adding signed attributes
sscep: adding string attribute transId
sscep: adding string attribute messageType
sscep: adding octet attribute senderNonce
sscep: PKCS#7 data written successfully
sscep: printing PEM fomatted PKCS#7
-----BEGIN PKCS7-----
MIIHc..........NAQcCoIIHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ
KoZIhvcNAQcBoIIDwASCA7wwggO4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw
ggHUAgEAMIG7MIGlMQswCQYDVQQGEwJTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl
bGxlczEcMBoGA1UEChMTUG9zdE1ldCBDb3Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM
IGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9zdE1ldCBSb290IENBIENsYXNzIDEx
IDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQuY29tAhETSGWDZFdjSHVjR2gx
ZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf8TdhGuF4bCZCocccJ/aY
8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaHryaSyH1DOBzyx7DI
9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/7/uaauv4uHg9
jFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0li7E0+6h
e7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR7Au+f3
UvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJKoZI
hvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xTPI
OK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4X
UyicUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt
zlQxPL77s91c7x757fTQVOWIz3q6KM1LpChmu4zy+nZ42fUjKYvAW/zF/CJsmfMD
PRJheltEkr0j7f2DmsYDX+y5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm
JydFlrZLpMlM4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc+OOogVUAfGP6k+WmI3
imzH/XSL1YAfMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR
ws72KlAcIwyOkLFAXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7
W3IJR6ad3Etu4w8EwHUlntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx
r18qJ4ulxrxSL9SvyqCCAccwggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0
RTdFOTUxNTA1OTgzQTE4MTANBgkqhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu
MTYuMjQuMjM4MB4XDTE5MDkwOTA3MTIzMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG
A1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
sfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39MACJqfgxU6os8Kh6sElQcjXn5
lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQKr9c6oZIcvUc0mBWpDbv3jcq
dTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckUCAwEAATANBgkqhkiG9w0B
AQQFAAOBgQATop2OWQJzY3Axds0+9PGPAc0xGtlUQ462teCwgkm6bbrBr7eYhQeL
gsT07aesE+37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXHglt8nUUESy9ooF490
TZDBIIQ5yBbMk+AYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGyELXxDGCAakwggGl
AgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5MThDNTREQjk5
NEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBhvhFAQkC
MQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X
DTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQw
IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG+EUBCQcx
IhMgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB
BQAEgYBThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu
Ax/ohg2CAU8+g+k914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb
zMp1TGXlKryeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg==
-----END PKCS7-----
sscep: applying base64 encoding
sscep: base64 encoded payload size: 2588 bytes
sscep: scep msg: GET /ca/cgi-
bin/pkiclient.exe?operation=PKIOperation&message=MIIHc..........NAQcCoI
IHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ%0AKoZIhvcNAQcBoIIDwASCA7wwgg
O4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw%0AggHUAgEAMIG7MIGlMQswCQYDVQQGEw
JTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl%0AbGxlczEcMBoGA1UEChMTUG9zdE1ldCBDb3
Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM%0AIGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9zdE
1ldCBSb290IENBIENsYXNzIDEx%0AIDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQuY2
9tAhETSGWDZFdjSHVjR2gx%0AZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf8T
dhGuF4bCZCocccJ/aY%0A8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaHry
aSyH1DOBzyx7DI%0A9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/7/
uaauv4uHg9%0AjFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0li
7E0%2B6h%0Ae7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR7A
u%2Bf3%0AUvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJKo
ZI%0AhvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xTPI%0
AOK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4X%0AUyi
cUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt%0AzlQxPL7
7s91c7x757fTQVOWIz3q6KM1LpChmu4zy%2BnZ42fUjKYvAW/zF/CJsmfMD%0APRJheltEk
r0j7f2DmsYDX%2By5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm%0AJydFlrZLpMl
M4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc%2BOOogVUAfGP6k%2BWmI3%0AimzH/XSL1YA
fMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR%0Aws72KlAcIwyOkLF
AXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7%0AW3IJR6ad3Etu4w8EwHU
lntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx%0Ar18qJ4ulxrxSL9SvyqCCAcc
wggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0%0ARTdFOTUxNTA1OTgzQTE4MTANBgk
qhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu%0AMTYuMjQuMjM4MB4XDTE5MDkwOTA3MTI
zMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG%0AA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgk
qhkiG9w0BAQEFAAOBjQAwgYkCgYEA%0AsfeobE3UTqt4Sd9vPnyG%2BugzbW9uG1nXlm8Vv
39MACJqfgxU6os8Kh6sElQcjXn5%0AlNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQK
r9c6oZIcvUc0mBWpDbv3jcq%0AdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckUCA
wEAATANBgkqhkiG9w0B%0AAQQFAAOBgQATop2OWQJzY3Axds0%2B9PGPAc0xGtlUQ462teC
wgkm6bbrBr7eYhQeL%0AgsT07aesE%2B37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXHgl
t8nUUESy9ooF490%0ATZDBIIQ5yBbMk%2BAYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGyEL
XxDGCAakwggGl%0AAgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5MTh
DNTREQjk5%0ANEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBhvh
FAQkC%0AMQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8
X%0ADTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQw%0A
IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG%2BEUBCQcx%0AIh
MgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB%0ABQAEgY
BThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu%0AAx/ohg2CAU
8%2Bg%2Bk914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb%0AzMp1TGXlKr
yeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg%3D%3D%0A HTTP/1.0

sscep: server returned status code 500
sscep: mime_err: HTTP/1.1 500 
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 3234
Date: Mon, 09 Sep 2019 07:12:32 GMT
Connection: close

<!doctype html><html lang="en"><head><title>HTTP Status 500 ? Internal
Server Error</title><style type="text/css">h1 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-
serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-
family:Tahoma,Arial,sans-serif;color:white;background-
color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-
serif;color:black;background-color:white;} b {font-
family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} p
{font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-
size:12px;} a {color:black;} a.name {color:black;} .line
{height:1px;background-
color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 ?
Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception
Report</p><p><b>Message</b> Couldn&#39;t handle CEP request (PKCSReq) -
Could not unwrap PKCS10 blob: java.security.cert.CertificateException:
Error instantiating class for challenge_password
java.lang.ClassNotFoundException:
com.netscape.cms.servlet.cert.scep.ChallengePassword</p><p><b>Descripti
on</b> The server encountered an unexpected condition that prevented it
from fulfilling the
request.</p><p><b>Exception</b></p><pre>javax.servlet.ServletException:
Couldn&#39;t handle CEP request (PKCSReq) - Could not unwrap PKCS10
blob: java.security.cert.CertificateException: Error instantiating
class for challenge_password java.lang.ClassNotFoundException:
com.netscape.cms.servlet.cert.scep.ChallengePassword
        com.netscape.cms.servlet.cert.scep.CRSEnrollment.service(CRSEnr
ollment.java:397)
        javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
        sun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source)
        sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMetho
dAccessorImpl.java:43)
        java.lang.reflect.Method.invoke(Method.java:498)
        org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.ja
va:282)
        org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.ja
va:279)
        java.security.AccessController.doPrivileged(Native Method)
        javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.
java:314)
        org.apache.catalina.security.SecurityUtil.doAsPrivilege(Securit
yUtil.java:170)
        java.security.AccessController.doPrivileged(Native Method)
        org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.j
ava:53)
        sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source)
        sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMetho
dAccessorImpl.java:43)
        java.lang.reflect.Method.invoke(Method.java:498)
        org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.ja
va:282)
        org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.ja
va:279)
        java.security.AccessController.doPrivileged(Native Method)
        javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
        org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.
java:314)
        org.apache.catalina.security.SecurityUtil.doAsPrivilege(Securit
yUtil.java:253)
</pre><p><b>Note</b> The full stack trace of the root cause is
available in the server logs.</p><hr class="line" /><h3>Apache
Tomcat/9.0.21</h3></body></html>
sscep: wrong (or missing) MIME content type
sscep: error while sending message


Why it is trying to unwrap PKCS10 if we are sending PKCS7 ?
How it can be fixed ?
I am sure you know it.
Please help.



-- 
Pavel Ryabih

PostMet Corporation
http://www.postmet.com 

Call to sip:pr at postmet.com



From dmoluguw at redhat.com  Tue Sep 10 16:16:22 2019
From: dmoluguw at redhat.com (Dinesh Prasanth Moluguwan Krishnamoorthy)
Date: Tue, 10 Sep 2019 12:16:22 -0400
Subject: [Pki-users] sscep enroll error
In-Reply-To: <4aaa38b598ca9529d5061f0dd2686cbdd7f47451.camel@postmet.com>
References: <4aaa38b598ca9529d5061f0dd2686cbdd7f47451.camel@postmet.com>
Message-ID: <579d7458101fa73047785be465ca799437405f98.camel@redhat.com>

Hi Pavel,

There was a recent merger of pki-cmscore.jar into pki-cms.jar [1]. As a
consequence, `com.netscape.cms.servlet.cert.scep.ChallengePassword` was
also affected. I suspect there is some mismatch in the installed
version of the packages.

Can you post the result of:

`rpm -qa | grep pki` ?

[1] 
https://github.com/dogtagpki/pki/commits/master/base/server/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java

Regards,
--Dinesh

On Mon, 2019-09-09 at 10:32 +0300, Pavel Ryabikh wrote:
> Hello dear PKI-users!
> 
> Our pki system version is:
> Fedora 29. 
> pki-server-10.8.0-0.1.fc30.noarch
> 
> We are configured SCEP following:
> https://www.dogtagpki.org/wiki/SCEP_Setup
> 
> CS.cfg:
> ...
> ca.scep.allowedEncryptionAlgorithms=DES,DES3
> ca.scep.allowedHashAlgorithms=MD5,SHA1,SHA256,SHA512
> ca.scep.enable=true
> ca.scep.encryptionAlgorithm=DES
> ca.scep.hashAlgorithm=MD5
> ca.scep.nonceSizeLimit=16
> ...
> 
> we also
> - installed SSCEP client
> - generated CA certificate
> $ sscep getca -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c
> ca.crt
> it is checked by
> $ openssl x509 -in ca.crt -text
> and it is correct
> - generated CSR request and a key
> $ /usr/bin/mkrequest -ip 172.16.24.238 Uojs93wkfd0IS
> 
> and when trying to test enroll we are getting the followng error:
> (Could not unwrap PKCS10 blob:
> java.security.cert.CertificateException:
> Error instantiating class for challenge_password
> java.lang.ClassNotFoundException): 
> 
> # sscep enroll -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c
> ca.crt -k local.key -r local.csr -l cert.crt -d
> 
> sscep: starting sscep, version 0.6.1
> sscep: new transaction
> sscep: transaction id: D41D8CD98F00B204E9800998ECF8427E
> sscep: hostname: ca.lvm.postmet.com
> sscep: directory: ca/cgi-bin/pkiclient.exe
> sscep: port: 8080
> sscep:  Read request with transaction id:
> 9A6C3918C54DB994E7E951505983A181
> sscep: generating selfsigned certificate
> sscep: SCEP_OPERATION_ENROLL
> sscep: sending certificate request
> sscep: creating inner PKCS#7
> sscep: inner PKCS#7 in mem BIO 
> sscep: request data dump 
> -----BEGIN CERTIFICATE REQUEST-----
> MIIBmz..........GDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG
> 9w0BAQEFAAOBjQAwgYkCgYEAsfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39M
> ACJqfgxU6os8Kh6sElQcjXn5lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQ
> Kr9c6oZIcvUc0mBWpDbv3jcqdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/
> ckUCAwEAAaBDMBwGCSqGSIb3DQEJBzEPDA1Vb2pzOTN3a2ZkMElTMCMGCSqGSIb3
> DQEJDjEWMBQwEgYDVR0RAQH/BAgwBocErBAY7jANBgkqhkiG9w0BAQsFAAOBgQA5
> URuLsrH0bKtBqrNiaPT1nMQ+fRAJ6Ckjfj/pQsyXO0Nll7blBdbErOtSzDR5yV91
> g6/oin5LPn/RwT1hATfjCniF4UVfotLnFjKQe7icsS82gl2FNT+pG1CjTAqxJqZO
> oBe+ZWzs4cx7wHerjk5u8baz79XFfkQyCdL6QRVlTA==
> -----END CERTIFICATE REQUEST-----
> sscep: data payload size: 415 bytes
> 
>  sscep: hexdump request payload 
> 3082019b3082010402010030183116301406035504030c0d3137322e31362e32342e3
> 23
> 33830819f300d06092a864886f70d010101050003818d0030818902818100b1f7a86c
> 4d
> d44eab7849df6f3e7c86fae8336d6f6e1b59d7966f15bf7f4c00226a7e0c54ea8b3c2
> a1
> eac12541c8d79f994d8b2f0bed5017fceab2a7648471be2a02820c0813132cded4cd1
> 1c
> 8a502abf5cea864872f51cd26056a436efde372a7537c5d4ca08b36feac8054f8367f
> 9b
> 19e36575c3c20367a4ccdc964aebf72450203010001a043301c06092a864886f70d01
> 09
> 07310f0c0d556f6a733933776b6664304953302306092a864886f70d01090e3116301
> 43
> 0120603551d110101ff040830068704ac1018ee300d06092a864886f70d01010b0500
> 03
> 81810039511b8bb2b1f46cab41aab36268f4f59cc43e7d1009e829237e3fe942cc973
> b4
> 36597b6e505d6c4aceb52cc3479c95f7583afe88a7e4b3e7fd1c13d610137e30a7885
> e1
> 455fa2d2e71632907bb89cb12f36825d85353fa91b50a34c0ab126a64ea017be656ce
> ce
> 1cc7bc077ab8e4e6ef1b6b3efd5c57e443209d2fa4115654c
>  sscep: hexdump payload 415 
> sscep: successfully encrypted payload
> sscep: envelope size: 956 bytes
> sscep: printing PEM fomatted PKCS#7
> -----BEGIN PKCS7-----
> MIIDu..........NAQcDoIIDqTCCA6UCAQAxggHYMIIB1AIBADCBuzCBpTELMAkG
> A1UEBhMCU0MxGTAXBgNVBAgTEE1haGUsIFNleWNoZWxsZXMxHDAaBgNVBAoTE1Bv
> c3RNZXQgQ29ycG9yYXRpb24xGTAXBgNVBAsTEFNTTCBrZXkgZGl2aXNpb24xIDAe
> BgNVBAMTF1Bvc3RNZXQgUm9vdCBDQSBDbGFzcyAxMSAwHgYJKoZIhvcNAQkBFhFh
> ZG1pbkBwb3N0bWV0LmNvbQIRE0hlg2RXY0h1Y0doMWQ1h8EwDQYJKoZIhvcNAQEB
> BQAEggEAgHq5KowCLbOAX/E3YRrheGwmQqHHHCf2mPHEAx835nifRSd1pPbU9587
> 8zOFihn+BY76caLss0eJyjTmh68mksh9Qzgc8sewyPWWgq2ilnE3eZtiiGpjf6Gj
> e7AN38gY4y6MU0NU04r/E16tcPAuP+/7mmrr+Lh4PYxSn/LkXFy9GOdnGaTmaphv
> L0qwxb1pS4OO765cumy5IFyJHAn3O5EyNJYuxNPuoXu8azxACKb19SVnEuay0Z2W
> L0/WCYMNpN6kdX/1KceTlg6Gu8oxqVwBvHUewLvn91Lyy8d+EgPMJOPTXRnZSC49
> U4AUes2yA9Idbt4ZLNNIktdsK6MhgjCCAcIGCSqGSIb3DQEHATARBgUrDgMCBwQI
> +d5X8SPX45KAggGg1CRRmVhAwHcj2zE7uScsfMUzyDiuw3c7fdy3W653pYswYVel
> CpqQbK6chMv6ya1OCi3G1dMY3+M1sa21nc30tpAeF1MonFD9YSTuvTJVYHo5gAob
> mjnhNsYL+7H0VGWiRzmDNG+HzgUzQbrdk5vFd/4Wbc5UMTy++7PdXO8e+e300FTl
> iM96uijNS6QoZruM8vp2eNn1IymLwFv8xfwibJnzAz0SYXpbRJK9I+39g5rGA1/s
> uTRAa7W2Bc4lp71ROdsHBH3aJDYkzcrffd9nGy+b5icnRZa2S6TJTOEQkWpQos5k
> YQMi8+/3Chb8IBeH8HQ6/23PjjqIFVAHxj+pPlpiN4psx/10i9WAHzMBfUnodpPE
> +yqKLTFmo037A/LNEH4NorN9E/yPDsHVp3gwjMG60cLO9ipQHCMMjpCxQF4jwaTC
> 5W0fZd8uVZyayBXR0qLKBAhhtz6Y6k3zcXUBNjqKO1tyCUemndxLbuMPBMB1JZ7c
> Km7TipKk+LCMNBwVbLFIPCGQUchzGnJD+fzaQKLTca9fKieLpca8Ui/Ur8o=
> -----END PKCS7-----
> sscep: creating outer PKCS#7
> sscep: signature added successfully
> sscep: adding signed attributes
> sscep: adding string attribute transId
> sscep: adding string attribute messageType
> sscep: adding octet attribute senderNonce
> sscep: PKCS#7 data written successfully
> sscep: printing PEM fomatted PKCS#7
> -----BEGIN PKCS7-----
> MIIHc..........NAQcCoIIHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ
> KoZIhvcNAQcBoIIDwASCA7wwggO4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw
> ggHUAgEAMIG7MIGlMQswCQYDVQQGEwJTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl
> bGxlczEcMBoGA1UEChMTUG9zdE1ldCBDb3Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM
> IGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9zdE1ldCBSb290IENBIENsYXNzIDEx
> IDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQuY29tAhETSGWDZFdjSHVjR2gx
> ZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf8TdhGuF4bCZCocccJ/aY
> 8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaHryaSyH1DOBzyx7DI
> 9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/7/uaauv4uHg9
> jFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0li7E0+6h
> e7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR7Au+f3
> UvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJKoZI
> hvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xTPI
> OK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4X
> UyicUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt
> zlQxPL77s91c7x757fTQVOWIz3q6KM1LpChmu4zy+nZ42fUjKYvAW/zF/CJsmfMD
> PRJheltEkr0j7f2DmsYDX+y5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm
> JydFlrZLpMlM4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc+OOogVUAfGP6k+WmI3
> imzH/XSL1YAfMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR
> ws72KlAcIwyOkLFAXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7
> W3IJR6ad3Etu4w8EwHUlntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx
> r18qJ4ulxrxSL9SvyqCCAccwggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0
> RTdFOTUxNTA1OTgzQTE4MTANBgkqhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu
> MTYuMjQuMjM4MB4XDTE5MDkwOTA3MTIzMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG
> A1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
> sfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39MACJqfgxU6os8Kh6sElQcjXn5
> lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQKr9c6oZIcvUc0mBWpDbv3jcq
> dTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckUCAwEAATANBgkqhkiG9w0B
> AQQFAAOBgQATop2OWQJzY3Axds0+9PGPAc0xGtlUQ462teCwgkm6bbrBr7eYhQeL
> gsT07aesE+37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXHglt8nUUESy9ooF490
> TZDBIIQ5yBbMk+AYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGyELXxDGCAakwggGl
> AgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5MThDNTREQjk5
> NEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBhvhFAQkC
> MQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X
> DTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQw
> IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG+EUBCQcx
> IhMgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB
> BQAEgYBThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu
> Ax/ohg2CAU8+g+k914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb
> zMp1TGXlKryeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg==
> -----END PKCS7-----
> sscep: applying base64 encoding
> sscep: base64 encoded payload size: 2588 bytes
> sscep: scep msg: GET /ca/cgi-
> bin/pkiclient.exe?operation=PKIOperation&message=MIIHc..........NAQcC
> oI
> IHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ%0AKoZIhvcNAQcBoIIDwASCA7ww
> gg
> O4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw%0AggHUAgEAMIG7MIGlMQswCQYDVQQG
> Ew
> JTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl%0AbGxlczEcMBoGA1UEChMTUG9zdE1ldCBD
> b3
> Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM%0AIGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9z
> dE
> 1ldCBSb290IENBIENsYXNzIDEx%0AIDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQu
> Y2
> 9tAhETSGWDZFdjSHVjR2gx%0AZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf
> 8T
> dhGuF4bCZCocccJ/aY%0A8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaH
> ry
> aSyH1DOBzyx7DI%0A9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/
> 7/
> uaauv4uHg9%0AjFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0
> li
> 7E0%2B6h%0Ae7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR
> 7A
> u%2Bf3%0AUvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJ
> Ko
> ZI%0AhvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xTPI
> %0
> AOK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4X%0AU
> yi
> cUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt%0AzlQxP
> L7
> 7s91c7x757fTQVOWIz3q6KM1LpChmu4zy%2BnZ42fUjKYvAW/zF/CJsmfMD%0APRJhelt
> Ek
> r0j7f2DmsYDX%2By5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm%0AJydFlrZLp
> Ml
> M4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc%2BOOogVUAfGP6k%2BWmI3%0AimzH/XSL1
> YA
> fMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR%0Aws72KlAcIwyOk
> LF
> AXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7%0AW3IJR6ad3Etu4w8Ew
> HU
> lntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx%0Ar18qJ4ulxrxSL9SvyqCCA
> cc
> wggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0%0ARTdFOTUxNTA1OTgzQTE4MTANB
> gk
> qhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu%0AMTYuMjQuMjM4MB4XDTE5MDkwOTA3M
> TI
> zMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG%0AA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANB
> gk
> qhkiG9w0BAQEFAAOBjQAwgYkCgYEA%0AsfeobE3UTqt4Sd9vPnyG%2BugzbW9uG1nXlm8
> Vv
> 39MACJqfgxU6os8Kh6sElQcjXn5%0AlNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIp
> QK
> r9c6oZIcvUc0mBWpDbv3jcq%0AdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckU
> CA
> wEAATANBgkqhkiG9w0B%0AAQQFAAOBgQATop2OWQJzY3Axds0%2B9PGPAc0xGtlUQ462t
> eC
> wgkm6bbrBr7eYhQeL%0AgsT07aesE%2B37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXH
> gl
> t8nUUESy9ooF490%0ATZDBIIQ5yBbMk%2BAYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGy
> EL
> XxDGCAakwggGl%0AAgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5M
> Th
> DNTREQjk5%0ANEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBh
> vh
> FAQkC%0AMQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFM
> Q8
> X%0ADTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQw%
> 0A
> IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG%2BEUBCQcx%0A
> Ih
> MgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB%0ABQAE
> gY
> BThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu%0AAx/ohg2C
> AU
> 8%2Bg%2Bk914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb%0AzMp1TGXl
> Kr
> yeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg%3D%3D%0A HTTP/1.0
> 
> sscep: server returned status code 500
> sscep: mime_err: HTTP/1.1 500 
> Content-Type: text/html;charset=utf-8
> Content-Language: en
> Content-Length: 3234
> Date: Mon, 09 Sep 2019 07:12:32 GMT
> Connection: close
> 
> <!doctype html><html lang="en"><head><title>HTTP Status 500 ?
> Internal
> Server Error</title><style type="text/css">h1 {font-
> family:Tahoma,Arial,sans-serif;color:white;background-
> color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-
> serif;color:white;background-color:#525D76;font-size:16px;} h3 {font-
> family:Tahoma,Arial,sans-serif;color:white;background-
> color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-
> serif;color:black;background-color:white;} b {font-
> family:Tahoma,Arial,sans-serif;color:white;background-color:#525D76;} 
> p
> {font-family:Tahoma,Arial,sans-
> serif;background:white;color:black;font-
> size:12px;} a {color:black;} a.name {color:black;} .line
> {height:1px;background-
> color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500 ?
> Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception
> Report</p><p><b>Message</b> Couldn&#39;t handle CEP request (PKCSReq)
> -
> Could not unwrap PKCS10 blob:
> java.security.cert.CertificateException:
> Error instantiating class for challenge_password
> java.lang.ClassNotFoundException:
> com.netscape.cms.servlet.cert.scep.ChallengePassword</p><p><b>Descrip
> ti
> on</b> The server encountered an unexpected condition that prevented
> it
> from fulfilling the
> request.</p><p><b>Exception</b></p><pre>javax.servlet.ServletExceptio
> n:
> Couldn&#39;t handle CEP request (PKCSReq) - Could not unwrap PKCS10
> blob: java.security.cert.CertificateException: Error instantiating
> class for challenge_password java.lang.ClassNotFoundException:
> com.netscape.cms.servlet.cert.scep.ChallengePassword
>         com.netscape.cms.servlet.cert.scep.CRSEnrollment.service(CRSE
> nr
> ollment.java:397)
>         javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
>         sun.reflect.GeneratedMethodAccessor48.invoke(Unknown Source)
>         sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMet
> ho
> dAccessorImpl.java:43)
>         java.lang.reflect.Method.invoke(Method.java:498)
>         org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.
> ja
> va:282)
>         org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.
> ja
> va:279)
>         java.security.AccessController.doPrivileged(Native Method)
>         javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>         org.apache.catalina.security.SecurityUtil.execute(SecurityUti
> l.
> java:314)
>         org.apache.catalina.security.SecurityUtil.doAsPrivilege(Secur
> it
> yUtil.java:170)
>         java.security.AccessController.doPrivileged(Native Method)
>         org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter
> .j
> ava:53)
>         sun.reflect.GeneratedMethodAccessor47.invoke(Unknown Source)
>         sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMet
> ho
> dAccessorImpl.java:43)
>         java.lang.reflect.Method.invoke(Method.java:498)
>         org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.
> ja
> va:282)
>         org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.
> ja
> va:279)
>         java.security.AccessController.doPrivileged(Native Method)
>         javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
>         org.apache.catalina.security.SecurityUtil.execute(SecurityUti
> l.
> java:314)
>         org.apache.catalina.security.SecurityUtil.doAsPrivilege(Secur
> it
> yUtil.java:253)
> </pre><p><b>Note</b> The full stack trace of the root cause is
> available in the server logs.</p><hr class="line" /><h3>Apache
> Tomcat/9.0.21</h3></body></html>
> sscep: wrong (or missing) MIME content type
> sscep: error while sending message
> 
> 
> Why it is trying to unwrap PKCS10 if we are sending PKCS7 ?
> How it can be fixed ?
> I am sure you know it.
> Please help.
> 
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/pki-users/attachments/20190910/14ee2acb/attachment.sig>

From pr at postmet.com  Wed Sep 11 06:20:36 2019
From: pr at postmet.com (Pavel Ryabikh)
Date: Wed, 11 Sep 2019 09:20:36 +0300
Subject: [Pki-users] sscep enroll error
In-Reply-To: <579d7458101fa73047785be465ca799437405f98.camel@redhat.com>
References: <4aaa38b598ca9529d5061f0dd2686cbdd7f47451.camel@postmet.com>
	<579d7458101fa73047785be465ca799437405f98.camel@redhat.com>
Message-ID: <bd714f2882de56f30033efe2cb332a338f241ed7.camel@postmet.com>

This is the result of "rpm -qa | grep pki":

pki-tools-10.8.0-0.1.fc30.x86_64
pki-javadoc-10.8.0-0.1.fc30.noarch
python3-pki-10.8.0-0.1.fc30.noarch
pki-ca-10.8.0-0.1.fc30.noarch
dogtag-pki-console-theme-10.8.0-0.1.fc30.noarch
pki-server-10.8.0-0.1.fc30.noarch
pki-tks-10.8.0-0.1.fc30.noarch
dogtag-pki-10.8.0-0.1.fc30.x86_64
pki-base-java-10.8.0-0.1.fc30.noarch
pki-symkey-10.8.0-0.1.fc30.x86_64
pki-ocsp-10.8.0-0.1.fc30.noarch
dogtag-pki-server-theme-10.8.0-0.1.fc30.noarch
pki-base-10.8.0-0.1.fc30.noarch
pki-kra-10.8.0-0.1.fc30.noarch
pki-console-10.8.0-0.1.fc30.noarch
pki-tps-10.8.0-0.1.fc30.x86_64

Does it help to fix the problem ?


On Tue, 2019-09-10 at 12:16 -0400, Dinesh Prasanth Moluguwan
Krishnamoorthy wrote:
> Hi Pavel,
> 
> There was a recent merger of pki-cmscore.jar into pki-cms.jar [1]. As
> a
> consequence, `com.netscape.cms.servlet.cert.scep.ChallengePassword`
> was
> also affected. I suspect there is some mismatch in the installed
> version of the packages.
> 
> Can you post the result of:
> 
> `rpm -qa | grep pki` ?
> 
> [1] 
> https://github.com/dogtagpki/pki/commits/master/base/server/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
> 
> Regards,
> --Dinesh
> 
> On Mon, 2019-09-09 at 10:32 +0300, Pavel Ryabikh wrote:
> > Hello dear PKI-users!
> > 
> > Our pki system version is:
> > Fedora 29. 
> > pki-server-10.8.0-0.1.fc30.noarch
> > 
> > We are configured SCEP following:
> > https://www.dogtagpki.org/wiki/SCEP_Setup
> > 
> > CS.cfg:
> > ...
> > ca.scep.allowedEncryptionAlgorithms=DES,DES3
> > ca.scep.allowedHashAlgorithms=MD5,SHA1,SHA256,SHA512
> > ca.scep.enable=true
> > ca.scep.encryptionAlgorithm=DES
> > ca.scep.hashAlgorithm=MD5
> > ca.scep.nonceSizeLimit=16
> > ...
> > 
> > we also
> > - installed SSCEP client
> > - generated CA certificate
> > $ sscep getca -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c
> > ca.crt
> > it is checked by
> > $ openssl x509 -in ca.crt -text
> > and it is correct
> > - generated CSR request and a key
> > $ /usr/bin/mkrequest -ip 172.16.24.238 Uojs93wkfd0IS
> > 
> > and when trying to test enroll we are getting the followng error:
> > (Could not unwrap PKCS10 blob:
> > java.security.cert.CertificateException:
> > Error instantiating class for challenge_password
> > java.lang.ClassNotFoundException): 
> > 
> > # sscep enroll -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe -c
> > ca.crt -k local.key -r local.csr -l cert.crt -d
> > 
> > sscep: starting sscep, version 0.6.1
> > sscep: new transaction
> > sscep: transaction id: D41D8CD98F00B204E9800998ECF8427E
> > sscep: hostname: ca.lvm.postmet.com
> > sscep: directory: ca/cgi-bin/pkiclient.exe
> > sscep: port: 8080
> > sscep:  Read request with transaction id:
> > 9A6C3918C54DB994E7E951505983A181
> > sscep: generating selfsigned certificate
> > sscep: SCEP_OPERATION_ENROLL
> > sscep: sending certificate request
> > sscep: creating inner PKCS#7
> > sscep: inner PKCS#7 in mem BIO 
> > sscep: request data dump 
> > -----BEGIN CERTIFICATE REQUEST-----
> > MIIBmz..........GDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG
> > 9w0BAQEFAAOBjQAwgYkCgYEAsfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39M
> > ACJqfgxU6os8Kh6sElQcjXn5lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQ
> > Kr9c6oZIcvUc0mBWpDbv3jcqdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/
> > ckUCAwEAAaBDMBwGCSqGSIb3DQEJBzEPDA1Vb2pzOTN3a2ZkMElTMCMGCSqGSIb3
> > DQEJDjEWMBQwEgYDVR0RAQH/BAgwBocErBAY7jANBgkqhkiG9w0BAQsFAAOBgQA5
> > URuLsrH0bKtBqrNiaPT1nMQ+fRAJ6Ckjfj/pQsyXO0Nll7blBdbErOtSzDR5yV91
> > g6/oin5LPn/RwT1hATfjCniF4UVfotLnFjKQe7icsS82gl2FNT+pG1CjTAqxJqZO
> > oBe+ZWzs4cx7wHerjk5u8baz79XFfkQyCdL6QRVlTA==
> > -----END CERTIFICATE REQUEST-----
> > sscep: data payload size: 415 bytes
> > 
> >  sscep: hexdump request payload 
> > 3082019b3082010402010030183116301406035504030c0d3137322e31362e32342
> > e3
> > 23
> > 33830819f300d06092a864886f70d010101050003818d0030818902818100b1f7a8
> > 6c
> > 4d
> > d44eab7849df6f3e7c86fae8336d6f6e1b59d7966f15bf7f4c00226a7e0c54ea8b3
> > c2
> > a1
> > eac12541c8d79f994d8b2f0bed5017fceab2a7648471be2a02820c0813132cded4c
> > d1
> > 1c
> > 8a502abf5cea864872f51cd26056a436efde372a7537c5d4ca08b36feac8054f836
> > 7f
> > 9b
> > 19e36575c3c20367a4ccdc964aebf72450203010001a043301c06092a864886f70d
> > 01
> > 09
> > 07310f0c0d556f6a733933776b6664304953302306092a864886f70d01090e31163
> > 01
> > 43
> > 0120603551d110101ff040830068704ac1018ee300d06092a864886f70d01010b05
> > 00
> > 03
> > 81810039511b8bb2b1f46cab41aab36268f4f59cc43e7d1009e829237e3fe942cc9
> > 73
> > b4
> > 36597b6e505d6c4aceb52cc3479c95f7583afe88a7e4b3e7fd1c13d610137e30a78
> > 85
> > e1
> > 455fa2d2e71632907bb89cb12f36825d85353fa91b50a34c0ab126a64ea017be656
> > ce
> > ce
> > 1cc7bc077ab8e4e6ef1b6b3efd5c57e443209d2fa4115654c
> >  sscep: hexdump payload 415 
> > sscep: successfully encrypted payload
> > sscep: envelope size: 956 bytes
> > sscep: printing PEM fomatted PKCS#7
> > -----BEGIN PKCS7-----
> > MIIDu..........NAQcDoIIDqTCCA6UCAQAxggHYMIIB1AIBADCBuzCBpTELMAkG
> > A1UEBhMCU0MxGTAXBgNVBAgTEE1haGUsIFNleWNoZWxsZXMxHDAaBgNVBAoTE1Bv
> > c3RNZXQgQ29ycG9yYXRpb24xGTAXBgNVBAsTEFNTTCBrZXkgZGl2aXNpb24xIDAe
> > BgNVBAMTF1Bvc3RNZXQgUm9vdCBDQSBDbGFzcyAxMSAwHgYJKoZIhvcNAQkBFhFh
> > ZG1pbkBwb3N0bWV0LmNvbQIRE0hlg2RXY0h1Y0doMWQ1h8EwDQYJKoZIhvcNAQEB
> > BQAEggEAgHq5KowCLbOAX/E3YRrheGwmQqHHHCf2mPHEAx835nifRSd1pPbU9587
> > 8zOFihn+BY76caLss0eJyjTmh68mksh9Qzgc8sewyPWWgq2ilnE3eZtiiGpjf6Gj
> > e7AN38gY4y6MU0NU04r/E16tcPAuP+/7mmrr+Lh4PYxSn/LkXFy9GOdnGaTmaphv
> > L0qwxb1pS4OO765cumy5IFyJHAn3O5EyNJYuxNPuoXu8azxACKb19SVnEuay0Z2W
> > L0/WCYMNpN6kdX/1KceTlg6Gu8oxqVwBvHUewLvn91Lyy8d+EgPMJOPTXRnZSC49
> > U4AUes2yA9Idbt4ZLNNIktdsK6MhgjCCAcIGCSqGSIb3DQEHATARBgUrDgMCBwQI
> > +d5X8SPX45KAggGg1CRRmVhAwHcj2zE7uScsfMUzyDiuw3c7fdy3W653pYswYVel
> > CpqQbK6chMv6ya1OCi3G1dMY3+M1sa21nc30tpAeF1MonFD9YSTuvTJVYHo5gAob
> > mjnhNsYL+7H0VGWiRzmDNG+HzgUzQbrdk5vFd/4Wbc5UMTy++7PdXO8e+e300FTl
> > iM96uijNS6QoZruM8vp2eNn1IymLwFv8xfwibJnzAz0SYXpbRJK9I+39g5rGA1/s
> > uTRAa7W2Bc4lp71ROdsHBH3aJDYkzcrffd9nGy+b5icnRZa2S6TJTOEQkWpQos5k
> > YQMi8+/3Chb8IBeH8HQ6/23PjjqIFVAHxj+pPlpiN4psx/10i9WAHzMBfUnodpPE
> > +yqKLTFmo037A/LNEH4NorN9E/yPDsHVp3gwjMG60cLO9ipQHCMMjpCxQF4jwaTC
> > 5W0fZd8uVZyayBXR0qLKBAhhtz6Y6k3zcXUBNjqKO1tyCUemndxLbuMPBMB1JZ7c
> > Km7TipKk+LCMNBwVbLFIPCGQUchzGnJD+fzaQKLTca9fKieLpca8Ui/Ur8o=
> > -----END PKCS7-----
> > sscep: creating outer PKCS#7
> > sscep: signature added successfully
> > sscep: adding signed attributes
> > sscep: adding string attribute transId
> > sscep: adding string attribute messageType
> > sscep: adding octet attribute senderNonce
> > sscep: PKCS#7 data written successfully
> > sscep: printing PEM fomatted PKCS#7
> > -----BEGIN PKCS7-----
> > MIIHc..........NAQcCoIIHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ
> > KoZIhvcNAQcBoIIDwASCA7wwggO4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw
> > ggHUAgEAMIG7MIGlMQswCQYDVQQGEwJTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl
> > bGxlczEcMBoGA1UEChMTUG9zdE1ldCBDb3Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM
> > IGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9zdE1ldCBSb290IENBIENsYXNzIDEx
> > IDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQuY29tAhETSGWDZFdjSHVjR2gx
> > ZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf8TdhGuF4bCZCocccJ/aY
> > 8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaHryaSyH1DOBzyx7DI
> > 9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/7/uaauv4uHg9
> > jFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0li7E0+6h
> > e7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR7Au+f3
> > UvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJKoZI
> > hvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xTPI
> > OK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4X
> > UyicUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt
> > zlQxPL77s91c7x757fTQVOWIz3q6KM1LpChmu4zy+nZ42fUjKYvAW/zF/CJsmfMD
> > PRJheltEkr0j7f2DmsYDX+y5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm
> > JydFlrZLpMlM4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc+OOogVUAfGP6k+WmI3
> > imzH/XSL1YAfMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR
> > ws72KlAcIwyOkLFAXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7
> > W3IJR6ad3Etu4w8EwHUlntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx
> > r18qJ4ulxrxSL9SvyqCCAccwggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0
> > RTdFOTUxNTA1OTgzQTE4MTANBgkqhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu
> > MTYuMjQuMjM4MB4XDTE5MDkwOTA3MTIzMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG
> > A1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
> > sfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39MACJqfgxU6os8Kh6sElQcjXn5
> > lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQKr9c6oZIcvUc0mBWpDbv3jcq
> > dTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckUCAwEAATANBgkqhkiG9w0B
> > AQQFAAOBgQATop2OWQJzY3Axds0+9PGPAc0xGtlUQ462teCwgkm6bbrBr7eYhQeL
> > gsT07aesE+37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXHglt8nUUESy9ooF490
> > TZDBIIQ5yBbMk+AYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGyELXxDGCAakwggGl
> > AgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5MThDNTREQjk5
> > NEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBhvhFAQkC
> > MQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X
> > DTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQw
> > IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG+EUBCQcx
> > IhMgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB
> > BQAEgYBThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu
> > Ax/ohg2CAU8+g+k914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb
> > zMp1TGXlKryeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg==
> > -----END PKCS7-----
> > sscep: applying base64 encoding
> > sscep: base64 encoded payload size: 2588 bytes
> > sscep: scep msg: GET /ca/cgi-
> > bin/pkiclient.exe?operation=PKIOperation&message=MIIHc..........NAQ
> > cC
> > oI
> > IHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ%0AKoZIhvcNAQcBoIIDwASCA7
> > ww
> > gg
> > O4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw%0AggHUAgEAMIG7MIGlMQswCQYDVQ
> > QG
> > Ew
> > JTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl%0AbGxlczEcMBoGA1UEChMTUG9zdE1ldC
> > BD
> > b3
> > Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM%0AIGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG
> > 9z
> > dE
> > 1ldCBSb290IENBIENsYXNzIDEx%0AIDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZX
> > Qu
> > Y2
> > 9tAhETSGWDZFdjSHVjR2gx%0AZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4
> > Bf
> > 8T
> > dhGuF4bCZCocccJ/aY%0A8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNO
> > aH
> > ry
> > aSyH1DOBzyx7DI%0A9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C
> > 4/
> > 7/
> > uaauv4uHg9%0AjFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kT
> > I0
> > li
> > 7E0%2B6h%0Ae7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8
> > dR
> > 7A
> > u%2Bf3%0AUvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwg
> > YJ
> > Ko
> > ZI%0AhvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xT
> > PI
> > %0
> > AOK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4X%0
> > AU
> > yi
> > cUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt%0AzlQ
> > xP
> > L7
> > 7s91c7x757fTQVOWIz3q6KM1LpChmu4zy%2BnZ42fUjKYvAW/zF/CJsmfMD%0APRJhe
> > lt
> > Ek
> > r0j7f2DmsYDX%2By5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm%0AJydFlrZ
> > Lp
> > Ml
> > M4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc%2BOOogVUAfGP6k%2BWmI3%0AimzH/XS
> > L1
> > YA
> > fMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR%0Aws72KlAcIwy
> > Ok
> > LF
> > AXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7%0AW3IJR6ad3Etu4w8
> > Ew
> > HU
> > lntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx%0Ar18qJ4ulxrxSL9SvyqC
> > CA
> > cc
> > wggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0%0ARTdFOTUxNTA1OTgzQTE4MTA
> > NB
> > gk
> > qhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu%0AMTYuMjQuMjM4MB4XDTE5MDkwOTA
> > 3M
> > TI
> > zMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG%0AA1UEAwwNMTcyLjE2LjI0LjIzODCBnzA
> > NB
> > gk
> > qhkiG9w0BAQEFAAOBjQAwgYkCgYEA%0AsfeobE3UTqt4Sd9vPnyG%2BugzbW9uG1nXl
> > m8
> > Vv
> > 39MACJqfgxU6os8Kh6sElQcjXn5%0AlNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRH
> > Ip
> > QK
> > r9c6oZIcvUc0mBWpDbv3jcq%0AdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/c
> > kU
> > CA
> > wEAATANBgkqhkiG9w0B%0AAQQFAAOBgQATop2OWQJzY3Axds0%2B9PGPAc0xGtlUQ46
> > 2t
> > eC
> > wgkm6bbrBr7eYhQeL%0AgsT07aesE%2B37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yP
> > XH
> > gl
> > t8nUUESy9ooF490%0ATZDBIIQ5yBbMk%2BAYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLG
> > Gy
> > EL
> > XxDGCAakwggGl%0AAgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM
> > 5M
> > Th
> > DNTREQjk5%0ANEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkg
> > Bh
> > vh
> > FAQkC%0AMQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQk
> > FM
> > Q8
> > X%0ADTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQ
> > w%
> > 0A
> > IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG%2BEUBCQcx%
> > 0A
> > Ih
> > MgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB%0ABQ
> > AE
> > gY
> > BThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu%0AAx/ohg
> > 2C
> > AU
> > 8%2Bg%2Bk914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb%0AzMp1TG
> > Xl
> > Kr
> > yeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg%3D%3D%0A HTTP/1.0
> > 
> > sscep: server returned status code 500
> > sscep: mime_err: HTTP/1.1 500 
> > Content-Type: text/html;charset=utf-8
> > Content-Language: en
> > Content-Length: 3234
> > Date: Mon, 09 Sep 2019 07:12:32 GMT
> > Connection: close
> > 
> > <!doctype html><html lang="en"><head><title>HTTP Status 500 ?
> > Internal
> > Server Error</title><style type="text/css">h1 {font-
> > family:Tahoma,Arial,sans-serif;color:white;background-
> > color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-
> > serif;color:white;background-color:#525D76;font-size:16px;} h3
> > {font-
> > family:Tahoma,Arial,sans-serif;color:white;background-
> > color:#525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-
> > serif;color:black;background-color:white;} b {font-
> > family:Tahoma,Arial,sans-serif;color:white;background-
> > color:#525D76;} 
> > p
> > {font-family:Tahoma,Arial,sans-
> > serif;background:white;color:black;font-
> > size:12px;} a {color:black;} a.name {color:black;} .line
> > {height:1px;background-
> > color:#525D76;border:none;}</style></head><body><h1>HTTP Status 500
> > ?
> > Internal Server Error</h1><hr class="line" /><p><b>Type</b>
> > Exception
> > Report</p><p><b>Message</b> Couldn&#39;t handle CEP request
> > (PKCSReq)
> > -
> > Could not unwrap PKCS10 blob:
> > java.security.cert.CertificateException:
> > Error instantiating class for challenge_password
> > java.lang.ClassNotFoundException:
> > com.netscape.cms.servlet.cert.scep.ChallengePassword</p><p><b>Descr
> > ip
> > ti
> > on</b> The server encountered an unexpected condition that
> > prevented
> > it
> > from fulfilling the
> > request.</p><p><b>Exception</b></p><pre>javax.servlet.ServletExcept
> > io
> > n:
> > Couldn&#39;t handle CEP request (PKCSReq) - Could not unwrap PKCS10
> > blob: java.security.cert.CertificateException: Error instantiating
> > class for challenge_password java.lang.ClassNotFoundException:
> > com.netscape.cms.servlet.cert.scep.ChallengePassword
> >         com.netscape.cms.servlet.cert.scep.CRSEnrollment.service(CR
> > SE
> > nr
> > ollment.java:397)
> >         javax.servlet.http.HttpServlet.service(HttpServlet.java:741
> > )
> >         sun.reflect.GeneratedMethodAccessor48.invoke(Unknown
> > Source)
> >         sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingM
> > et
> > ho
> > dAccessorImpl.java:43)
> >         java.lang.reflect.Method.invoke(Method.java:498)
> >         org.apache.catalina.security.SecurityUtil$1.run(SecurityUti
> > l.
> > ja
> > va:282)
> >         org.apache.catalina.security.SecurityUtil$1.run(SecurityUti
> > l.
> > ja
> > va:279)
> >         java.security.AccessController.doPrivileged(Native Method)
> >         javax.security.auth.Subject.doAsPrivileged(Subject.java:549
> > )
> >         org.apache.catalina.security.SecurityUtil.execute(SecurityU
> > ti
> > l.
> > java:314)
> >         org.apache.catalina.security.SecurityUtil.doAsPrivilege(Sec
> > ur
> > it
> > yUtil.java:170)
> >         java.security.AccessController.doPrivileged(Native Method)
> >         org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilt
> > er
> > .j
> > ava:53)
> >         sun.reflect.GeneratedMethodAccessor47.invoke(Unknown
> > Source)
> >         sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingM
> > et
> > ho
> > dAccessorImpl.java:43)
> >         java.lang.reflect.Method.invoke(Method.java:498)
> >         org.apache.catalina.security.SecurityUtil$1.run(SecurityUti
> > l.
> > ja
> > va:282)
> >         org.apache.catalina.security.SecurityUtil$1.run(SecurityUti
> > l.
> > ja
> > va:279)
> >         java.security.AccessController.doPrivileged(Native Method)
> >         javax.security.auth.Subject.doAsPrivileged(Subject.java:549
> > )
> >         org.apache.catalina.security.SecurityUtil.execute(SecurityU
> > ti
> > l.
> > java:314)
> >         org.apache.catalina.security.SecurityUtil.doAsPrivilege(Sec
> > ur
> > it
> > yUtil.java:253)
> > </pre><p><b>Note</b> The full stack trace of the root cause is
> > available in the server logs.</p><hr class="line" /><h3>Apache
> > Tomcat/9.0.21</h3></body></html>
> > sscep: wrong (or missing) MIME content type
> > sscep: error while sending message
> > 
> > 
> > Why it is trying to unwrap PKCS10 if we are sending PKCS7 ?
> > How it can be fixed ?
> > I am sure you know it.
> > Please help.
> > 
> > 
> > 
-- 
Pavel Ryabih

PostMet Corporation
http://www.postmet.com 

Call to sip:pr at postmet.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6468 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-users/attachments/20190911/449c2334/attachment.bin>

From dmoluguw at redhat.com  Fri Sep 13 19:14:08 2019
From: dmoluguw at redhat.com (Dinesh Prasanth Moluguwan Krishnamoorthy)
Date: Fri, 13 Sep 2019 15:14:08 -0400
Subject: [Pki-users] sscep enroll error
In-Reply-To: <bd714f2882de56f30033efe2cb332a338f241ed7.camel@postmet.com>
References: <4aaa38b598ca9529d5061f0dd2686cbdd7f47451.camel@postmet.com>
	<579d7458101fa73047785be465ca799437405f98.camel@redhat.com>
	<bd714f2882de56f30033efe2cb332a338f241ed7.camel@postmet.com>
Message-ID: <8a415b307d6729c802bb37c03039fa082f3c8f83.camel@redhat.com>

On Wed, 2019-09-11 at 09:20 +0300, Pavel Ryabikh wrote:
> This is the result of "rpm -qa | grep pki":
> 
> pki-tools-10.8.0-0.1.fc30.x86_64
> pki-javadoc-10.8.0-0.1.fc30.noarch
> python3-pki-10.8.0-0.1.fc30.noarch
> pki-ca-10.8.0-0.1.fc30.noarch
> dogtag-pki-console-theme-10.8.0-0.1.fc30.noarch
> pki-server-10.8.0-0.1.fc30.noarch
> pki-tks-10.8.0-0.1.fc30.noarch
> dogtag-pki-10.8.0-0.1.fc30.x86_64
> pki-base-java-10.8.0-0.1.fc30.noarch
> pki-symkey-10.8.0-0.1.fc30.x86_64
> pki-ocsp-10.8.0-0.1.fc30.noarch
> dogtag-pki-server-theme-10.8.0-0.1.fc30.noarch
> pki-base-10.8.0-0.1.fc30.noarch
> pki-kra-10.8.0-0.1.fc30.noarch
> pki-console-10.8.0-0.1.fc30.noarch
> pki-tps-10.8.0-0.1.fc30.x86_64
> 
> Does it help to fix the problem ?
Pavel,

No, it does not. But, helps to identify the issue.

As per your original email, you are using Fedora 29 system. But, the
packages installed seem to be built on **Fedora 30**. We don't support
installing Fedora 30 packages on Fedora 29.

Also, I see that you are using PKI 10.8.0 version. We haven't
officially released it on Fedora. The latest official release is pki-
core-10.7.3-3

Regards,
--Dinesh

> 
> 
> On Tue, 2019-09-10 at 12:16 -0400, Dinesh Prasanth Moluguwan
> Krishnamoorthy wrote:
> > Hi Pavel,
> > 
> > There was a recent merger of pki-cmscore.jar into pki-cms.jar [1].
> > As
> > a
> > consequence, `com.netscape.cms.servlet.cert.scep.ChallengePassword`
> > was
> > also affected. I suspect there is some mismatch in the installed
> > version of the packages.
> > 
> > Can you post the result of:
> > 
> > `rpm -qa | grep pki` ?
> > 
> > [1] 
> > https://github.com/dogtagpki/pki/commits/master/base/server/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
> > 
> > Regards,
> > --Dinesh
> > 
> > On Mon, 2019-09-09 at 10:32 +0300, Pavel Ryabikh wrote:
> > > Hello dear PKI-users!
> > > 
> > > Our pki system version is:
> > > Fedora 29. 
> > > pki-server-10.8.0-0.1.fc30.noarch
> > > 
> > > We are configured SCEP following:
> > > https://www.dogtagpki.org/wiki/SCEP_Setup
> > > 
> > > CS.cfg:
> > > ...
> > > ca.scep.allowedEncryptionAlgorithms=DES,DES3
> > > ca.scep.allowedHashAlgorithms=MD5,SHA1,SHA256,SHA512
> > > ca.scep.enable=true
> > > ca.scep.encryptionAlgorithm=DES
> > > ca.scep.hashAlgorithm=MD5
> > > ca.scep.nonceSizeLimit=16
> > > ...
> > > 
> > > we also
> > > - installed SSCEP client
> > > - generated CA certificate
> > > $ sscep getca -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe
> > > -c
> > > ca.crt
> > > it is checked by
> > > $ openssl x509 -in ca.crt -text
> > > and it is correct
> > > - generated CSR request and a key
> > > $ /usr/bin/mkrequest -ip 172.16.24.238 Uojs93wkfd0IS
> > > 
> > > and when trying to test enroll we are getting the followng error:
> > > (Could not unwrap PKCS10 blob:
> > > java.security.cert.CertificateException:
> > > Error instantiating class for challenge_password
> > > java.lang.ClassNotFoundException): 
> > > 
> > > # sscep enroll -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe
> > > -c
> > > ca.crt -k local.key -r local.csr -l cert.crt -d
> > > 
> > > sscep: starting sscep, version 0.6.1
> > > sscep: new transaction
> > > sscep: transaction id: D41D8CD98F00B204E9800998ECF8427E
> > > sscep: hostname: ca.lvm.postmet.com
> > > sscep: directory: ca/cgi-bin/pkiclient.exe
> > > sscep: port: 8080
> > > sscep:  Read request with transaction id:
> > > 9A6C3918C54DB994E7E951505983A181
> > > sscep: generating selfsigned certificate
> > > sscep: SCEP_OPERATION_ENROLL
> > > sscep: sending certificate request
> > > sscep: creating inner PKCS#7
> > > sscep: inner PKCS#7 in mem BIO 
> > > sscep: request data dump 
> > > -----BEGIN CERTIFICATE REQUEST-----
> > > MIIBmz..........GDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG
> > > 9w0BAQEFAAOBjQAwgYkCgYEAsfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39M
> > > ACJqfgxU6os8Kh6sElQcjXn5lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQ
> > > Kr9c6oZIcvUc0mBWpDbv3jcqdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/
> > > ckUCAwEAAaBDMBwGCSqGSIb3DQEJBzEPDA1Vb2pzOTN3a2ZkMElTMCMGCSqGSIb3
> > > DQEJDjEWMBQwEgYDVR0RAQH/BAgwBocErBAY7jANBgkqhkiG9w0BAQsFAAOBgQA5
> > > URuLsrH0bKtBqrNiaPT1nMQ+fRAJ6Ckjfj/pQsyXO0Nll7blBdbErOtSzDR5yV91
> > > g6/oin5LPn/RwT1hATfjCniF4UVfotLnFjKQe7icsS82gl2FNT+pG1CjTAqxJqZO
> > > oBe+ZWzs4cx7wHerjk5u8baz79XFfkQyCdL6QRVlTA==
> > > -----END CERTIFICATE REQUEST-----
> > > sscep: data payload size: 415 bytes
> > > 
> > >  sscep: hexdump request payload 
> > > 3082019b3082010402010030183116301406035504030c0d3137322e31362e323
> > > 42
> > > e3
> > > 23
> > > 33830819f300d06092a864886f70d010101050003818d0030818902818100b1f7
> > > a8
> > > 6c
> > > 4d
> > > d44eab7849df6f3e7c86fae8336d6f6e1b59d7966f15bf7f4c00226a7e0c54ea8
> > > b3
> > > c2
> > > a1
> > > eac12541c8d79f994d8b2f0bed5017fceab2a7648471be2a02820c0813132cded
> > > 4c
> > > d1
> > > 1c
> > > 8a502abf5cea864872f51cd26056a436efde372a7537c5d4ca08b36feac8054f8
> > > 36
> > > 7f
> > > 9b
> > > 19e36575c3c20367a4ccdc964aebf72450203010001a043301c06092a864886f7
> > > 0d
> > > 01
> > > 09
> > > 07310f0c0d556f6a733933776b6664304953302306092a864886f70d01090e311
> > > 63
> > > 01
> > > 43
> > > 0120603551d110101ff040830068704ac1018ee300d06092a864886f70d01010b
> > > 05
> > > 00
> > > 03
> > > 81810039511b8bb2b1f46cab41aab36268f4f59cc43e7d1009e829237e3fe942c
> > > c9
> > > 73
> > > b4
> > > 36597b6e505d6c4aceb52cc3479c95f7583afe88a7e4b3e7fd1c13d610137e30a
> > > 78
> > > 85
> > > e1
> > > 455fa2d2e71632907bb89cb12f36825d85353fa91b50a34c0ab126a64ea017be6
> > > 56
> > > ce
> > > ce
> > > 1cc7bc077ab8e4e6ef1b6b3efd5c57e443209d2fa4115654c
> > >  sscep: hexdump payload 415 
> > > sscep: successfully encrypted payload
> > > sscep: envelope size: 956 bytes
> > > sscep: printing PEM fomatted PKCS#7
> > > -----BEGIN PKCS7-----
> > > MIIDu..........NAQcDoIIDqTCCA6UCAQAxggHYMIIB1AIBADCBuzCBpTELMAkG
> > > A1UEBhMCU0MxGTAXBgNVBAgTEE1haGUsIFNleWNoZWxsZXMxHDAaBgNVBAoTE1Bv
> > > c3RNZXQgQ29ycG9yYXRpb24xGTAXBgNVBAsTEFNTTCBrZXkgZGl2aXNpb24xIDAe
> > > BgNVBAMTF1Bvc3RNZXQgUm9vdCBDQSBDbGFzcyAxMSAwHgYJKoZIhvcNAQkBFhFh
> > > ZG1pbkBwb3N0bWV0LmNvbQIRE0hlg2RXY0h1Y0doMWQ1h8EwDQYJKoZIhvcNAQEB
> > > BQAEggEAgHq5KowCLbOAX/E3YRrheGwmQqHHHCf2mPHEAx835nifRSd1pPbU9587
> > > 8zOFihn+BY76caLss0eJyjTmh68mksh9Qzgc8sewyPWWgq2ilnE3eZtiiGpjf6Gj
> > > e7AN38gY4y6MU0NU04r/E16tcPAuP+/7mmrr+Lh4PYxSn/LkXFy9GOdnGaTmaphv
> > > L0qwxb1pS4OO765cumy5IFyJHAn3O5EyNJYuxNPuoXu8azxACKb19SVnEuay0Z2W
> > > L0/WCYMNpN6kdX/1KceTlg6Gu8oxqVwBvHUewLvn91Lyy8d+EgPMJOPTXRnZSC49
> > > U4AUes2yA9Idbt4ZLNNIktdsK6MhgjCCAcIGCSqGSIb3DQEHATARBgUrDgMCBwQI
> > > +d5X8SPX45KAggGg1CRRmVhAwHcj2zE7uScsfMUzyDiuw3c7fdy3W653pYswYVel
> > > CpqQbK6chMv6ya1OCi3G1dMY3+M1sa21nc30tpAeF1MonFD9YSTuvTJVYHo5gAob
> > > mjnhNsYL+7H0VGWiRzmDNG+HzgUzQbrdk5vFd/4Wbc5UMTy++7PdXO8e+e300FTl
> > > iM96uijNS6QoZruM8vp2eNn1IymLwFv8xfwibJnzAz0SYXpbRJK9I+39g5rGA1/s
> > > uTRAa7W2Bc4lp71ROdsHBH3aJDYkzcrffd9nGy+b5icnRZa2S6TJTOEQkWpQos5k
> > > YQMi8+/3Chb8IBeH8HQ6/23PjjqIFVAHxj+pPlpiN4psx/10i9WAHzMBfUnodpPE
> > > +yqKLTFmo037A/LNEH4NorN9E/yPDsHVp3gwjMG60cLO9ipQHCMMjpCxQF4jwaTC
> > > 5W0fZd8uVZyayBXR0qLKBAhhtz6Y6k3zcXUBNjqKO1tyCUemndxLbuMPBMB1JZ7c
> > > Km7TipKk+LCMNBwVbLFIPCGQUchzGnJD+fzaQKLTca9fKieLpca8Ui/Ur8o=
> > > -----END PKCS7-----
> > > sscep: creating outer PKCS#7
> > > sscep: signature added successfully
> > > sscep: adding signed attributes
> > > sscep: adding string attribute transId
> > > sscep: adding string attribute messageType
> > > sscep: adding octet attribute senderNonce
> > > sscep: PKCS#7 data written successfully
> > > sscep: printing PEM fomatted PKCS#7
> > > -----BEGIN PKCS7-----
> > > MIIHc..........NAQcCoIIHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ
> > > KoZIhvcNAQcBoIIDwASCA7wwggO4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw
> > > ggHUAgEAMIG7MIGlMQswCQYDVQQGEwJTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl
> > > bGxlczEcMBoGA1UEChMTUG9zdE1ldCBDb3Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM
> > > IGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9zdE1ldCBSb290IENBIENsYXNzIDEx
> > > IDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQuY29tAhETSGWDZFdjSHVjR2gx
> > > ZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf8TdhGuF4bCZCocccJ/aY
> > > 8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaHryaSyH1DOBzyx7DI
> > > 9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/7/uaauv4uHg9
> > > jFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0li7E0+6h
> > > e7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR7Au+f3
> > > UvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJKoZI
> > > hvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xTPI
> > > OK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4X
> > > UyicUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt
> > > zlQxPL77s91c7x757fTQVOWIz3q6KM1LpChmu4zy+nZ42fUjKYvAW/zF/CJsmfMD
> > > PRJheltEkr0j7f2DmsYDX+y5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm
> > > JydFlrZLpMlM4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc+OOogVUAfGP6k+WmI3
> > > imzH/XSL1YAfMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR
> > > ws72KlAcIwyOkLFAXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7
> > > W3IJR6ad3Etu4w8EwHUlntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx
> > > r18qJ4ulxrxSL9SvyqCCAccwggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0
> > > RTdFOTUxNTA1OTgzQTE4MTANBgkqhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu
> > > MTYuMjQuMjM4MB4XDTE5MDkwOTA3MTIzMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG
> > > A1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
> > > sfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39MACJqfgxU6os8Kh6sElQcjXn5
> > > lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQKr9c6oZIcvUc0mBWpDbv3jcq
> > > dTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckUCAwEAATANBgkqhkiG9w0B
> > > AQQFAAOBgQATop2OWQJzY3Axds0+9PGPAc0xGtlUQ462teCwgkm6bbrBr7eYhQeL
> > > gsT07aesE+37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXHglt8nUUESy9ooF490
> > > TZDBIIQ5yBbMk+AYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGyELXxDGCAakwggGl
> > > AgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5MThDNTREQjk5
> > > NEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBhvhFAQkC
> > > MQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8X
> > > DTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQw
> > > IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG+EUBCQcx
> > > IhMgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB
> > > BQAEgYBThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu
> > > Ax/ohg2CAU8+g+k914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb
> > > zMp1TGXlKryeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg==
> > > -----END PKCS7-----
> > > sscep: applying base64 encoding
> > > sscep: base64 encoded payload size: 2588 bytes
> > > sscep: scep msg: GET /ca/cgi-
> > > bin/pkiclient.exe?operation=PKIOperation&message=MIIHc..........N
> > > AQ
> > > cC
> > > oI
> > > IHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ%0AKoZIhvcNAQcBoIIDwASC
> > > A7
> > > ww
> > > gg
> > > O4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw%0AggHUAgEAMIG7MIGlMQswCQYD
> > > VQ
> > > QG
> > > Ew
> > > JTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl%0AbGxlczEcMBoGA1UEChMTUG9zdE1l
> > > dC
> > > BD
> > > b3
> > > Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM%0AIGtleSBkaXZpc2lvbjEgMB4GA1UEAxMX
> > > UG
> > > 9z
> > > dE
> > > 1ldCBSb290IENBIENsYXNzIDEx%0AIDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3Rt
> > > ZX
> > > Qu
> > > Y2
> > > 9tAhETSGWDZFdjSHVjR2gx%0AZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIt
> > > s4
> > > Bf
> > > 8T
> > > dhGuF4bCZCocccJ/aY%0A8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nK
> > > NO
> > > aH
> > > ry
> > > aSyH1DOBzyx7DI%0A9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w
> > > 8C
> > > 4/
> > > 7/
> > > uaauv4uHg9%0AjFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7
> > > kT
> > > I0
> > > li
> > > 7E0%2B6h%0Ae7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXA
> > > G8
> > > dR
> > > 7A
> > > u%2Bf3%0AUvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIB
> > > wg
> > > YJ
> > > Ko
> > > ZI%0AhvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8
> > > xT
> > > PI
> > > %0
> > > AOK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4X
> > > %0
> > > AU
> > > yi
> > > cUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt%0Az
> > > lQ
> > > xP
> > > L7
> > > 7s91c7x757fTQVOWIz3q6KM1LpChmu4zy%2BnZ42fUjKYvAW/zF/CJsmfMD%0APRJ
> > > he
> > > lt
> > > Ek
> > > r0j7f2DmsYDX%2By5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm%0AJydFl
> > > rZ
> > > Lp
> > > Ml
> > > M4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc%2BOOogVUAfGP6k%2BWmI3%0AimzH/
> > > XS
> > > L1
> > > YA
> > > fMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR%0Aws72KlAcI
> > > wy
> > > Ok
> > > LF
> > > AXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7%0AW3IJR6ad3Etu4
> > > w8
> > > Ew
> > > HU
> > > lntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx%0Ar18qJ4ulxrxSL9Svy
> > > qC
> > > CA
> > > cc
> > > wggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0%0ARTdFOTUxNTA1OTgzQTE4M
> > > TA
> > > NB
> > > gk
> > > qhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu%0AMTYuMjQuMjM4MB4XDTE5MDkwO
> > > TA
> > > 3M
> > > TI
> > > zMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG%0AA1UEAwwNMTcyLjE2LjI0LjIzODCBn
> > > zA
> > > NB
> > > gk
> > > qhkiG9w0BAQEFAAOBjQAwgYkCgYEA%0AsfeobE3UTqt4Sd9vPnyG%2BugzbW9uG1n
> > > Xl
> > > m8
> > > Vv
> > > 39MACJqfgxU6os8Kh6sElQcjXn5%0AlNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7Uz
> > > RH
> > > Ip
> > > QK
> > > r9c6oZIcvUc0mBWpDbv3jcq%0AdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6
> > > /c
> > > kU
> > > CA
> > > wEAATANBgkqhkiG9w0B%0AAQQFAAOBgQATop2OWQJzY3Axds0%2B9PGPAc0xGtlUQ
> > > 46
> > > 2t
> > > eC
> > > wgkm6bbrBr7eYhQeL%0AgsT07aesE%2B37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1
> > > yP
> > > XH
> > > gl
> > > t8nUUESy9ooF490%0ATZDBIIQ5yBbMk%2BAYy0IOWQURlNcc8RJ5LmJXnbq4G/etk
> > > LG
> > > Gy
> > > EL
> > > XxDGCAakwggGl%0AAgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2Q
> > > zM
> > > 5M
> > > Th
> > > DNTREQjk5%0ANEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpgh
> > > kg
> > > Bh
> > > vh
> > > FAQkC%0AMQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNA
> > > Qk
> > > FM
> > > Q8
> > > X%0ADTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUb
> > > bQ
> > > w%
> > > 0A
> > > IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG%2BEUBCQc
> > > x%
> > > 0A
> > > Ih
> > > MgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB%0A
> > > BQ
> > > AE
> > > gY
> > > BThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu%0AAx/o
> > > hg
> > > 2C
> > > AU
> > > 8%2Bg%2Bk914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb%0AzMp1
> > > TG
> > > Xl
> > > Kr
> > > yeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg%3D%3D%0A HTTP/1.0
> > > 
> > > sscep: server returned status code 500
> > > sscep: mime_err: HTTP/1.1 500 
> > > Content-Type: text/html;charset=utf-8
> > > Content-Language: en
> > > Content-Length: 3234
> > > Date: Mon, 09 Sep 2019 07:12:32 GMT
> > > Connection: close
> > > 
> > > <!doctype html><html lang="en"><head><title>HTTP Status 500 ?
> > > Internal
> > > Server Error</title><style type="text/css">h1 {font-
> > > family:Tahoma,Arial,sans-serif;color:white;background-
> > > color:#525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-
> > > serif;color:white;background-color:#525D76;font-size:16px;} h3
> > > {font-
> > > family:Tahoma,Arial,sans-serif;color:white;background-
> > > color:#525D76;font-size:14px;} body {font-
> > > family:Tahoma,Arial,sans-
> > > serif;color:black;background-color:white;} b {font-
> > > family:Tahoma,Arial,sans-serif;color:white;background-
> > > color:#525D76;} 
> > > p
> > > {font-family:Tahoma,Arial,sans-
> > > serif;background:white;color:black;font-
> > > size:12px;} a {color:black;} a.name {color:black;} .line
> > > {height:1px;background-
> > > color:#525D76;border:none;}</style></head><body><h1>HTTP Status
> > > 500
> > > ?
> > > Internal Server Error</h1><hr class="line" /><p><b>Type</b>
> > > Exception
> > > Report</p><p><b>Message</b> Couldn&#39;t handle CEP request
> > > (PKCSReq)
> > > -
> > > Could not unwrap PKCS10 blob:
> > > java.security.cert.CertificateException:
> > > Error instantiating class for challenge_password
> > > java.lang.ClassNotFoundException:
> > > com.netscape.cms.servlet.cert.scep.ChallengePassword</p><p><b>Des
> > > cr
> > > ip
> > > ti
> > > on</b> The server encountered an unexpected condition that
> > > prevented
> > > it
> > > from fulfilling the
> > > request.</p><p><b>Exception</b></p><pre>javax.servlet.ServletExce
> > > pt
> > > io
> > > n:
> > > Couldn&#39;t handle CEP request (PKCSReq) - Could not unwrap
> > > PKCS10
> > > blob: java.security.cert.CertificateException: Error
> > > instantiating
> > > class for challenge_password java.lang.ClassNotFoundException:
> > > com.netscape.cms.servlet.cert.scep.ChallengePassword
> > >         com.netscape.cms.servlet.cert.scep.CRSEnrollment.service(
> > > CR
> > > SE
> > > nr
> > > ollment.java:397)
> > >         javax.servlet.http.HttpServlet.service(HttpServlet.java:7
> > > 41
> > > )
> > >         sun.reflect.GeneratedMethodAccessor48.invoke(Unknown
> > > Source)
> > >         sun.reflect.DelegatingMethodAccessorImpl.invoke(Delegatin
> > > gM
> > > et
> > > ho
> > > dAccessorImpl.java:43)
> > >         java.lang.reflect.Method.invoke(Method.java:498)
> > >         org.apache.catalina.security.SecurityUtil$1.run(SecurityU
> > > ti
> > > l.
> > > ja
> > > va:282)
> > >         org.apache.catalina.security.SecurityUtil$1.run(SecurityU
> > > ti
> > > l.
> > > ja
> > > va:279)
> > >         java.security.AccessController.doPrivileged(Native
> > > Method)
> > >         javax.security.auth.Subject.doAsPrivileged(Subject.java:5
> > > 49
> > > )
> > >         org.apache.catalina.security.SecurityUtil.execute(Securit
> > > yU
> > > ti
> > > l.
> > > java:314)
> > >         org.apache.catalina.security.SecurityUtil.doAsPrivilege(S
> > > ec
> > > ur
> > > it
> > > yUtil.java:170)
> > >         java.security.AccessController.doPrivileged(Native
> > > Method)
> > >         org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFi
> > > lt
> > > er
> > > .j
> > > ava:53)
> > >         sun.reflect.GeneratedMethodAccessor47.invoke(Unknown
> > > Source)
> > >         sun.reflect.DelegatingMethodAccessorImpl.invoke(Delegatin
> > > gM
> > > et
> > > ho
> > > dAccessorImpl.java:43)
> > >         java.lang.reflect.Method.invoke(Method.java:498)
> > >         org.apache.catalina.security.SecurityUtil$1.run(SecurityU
> > > ti
> > > l.
> > > ja
> > > va:282)
> > >         org.apache.catalina.security.SecurityUtil$1.run(SecurityU
> > > ti
> > > l.
> > > ja
> > > va:279)
> > >         java.security.AccessController.doPrivileged(Native
> > > Method)
> > >         javax.security.auth.Subject.doAsPrivileged(Subject.java:5
> > > 49
> > > )
> > >         org.apache.catalina.security.SecurityUtil.execute(Securit
> > > yU
> > > ti
> > > l.
> > > java:314)
> > >         org.apache.catalina.security.SecurityUtil.doAsPrivilege(S
> > > ec
> > > ur
> > > it
> > > yUtil.java:253)
> > > </pre><p><b>Note</b> The full stack trace of the root cause is
> > > available in the server logs.</p><hr class="line" /><h3>Apache
> > > Tomcat/9.0.21</h3></body></html>
> > > sscep: wrong (or missing) MIME content type
> > > sscep: error while sending message
> > > 
> > > 
> > > Why it is trying to unwrap PKCS10 if we are sending PKCS7 ?
> > > How it can be fixed ?
> > > I am sure you know it.
> > > Please help.
> > > 
> > > 
> > > 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/pki-users/attachments/20190913/1f632681/attachment.sig>

From pr at postmet.com  Mon Sep 16 06:11:54 2019
From: pr at postmet.com (Pavel Ryabikh)
Date: Mon, 16 Sep 2019 09:11:54 +0300
Subject: [Pki-users] sscep enroll error
In-Reply-To: <8a415b307d6729c802bb37c03039fa082f3c8f83.camel@redhat.com>
References: <4aaa38b598ca9529d5061f0dd2686cbdd7f47451.camel@postmet.com>
	<579d7458101fa73047785be465ca799437405f98.camel@redhat.com>
	<bd714f2882de56f30033efe2cb332a338f241ed7.camel@postmet.com>
	<8a415b307d6729c802bb37c03039fa082f3c8f83.camel@redhat.com>
Message-ID: <a5eee899ee4c6f712f784d14f25eac48586ec989.camel@postmet.com>

Dear, Krishnamoorthy,

We are using Fedora 30 (Fedora 29 was a mistake, sorry):

$ cat /etc/os-release
NAME=Fedora
VERSION="30 (Server Edition)"
ID=fedora
VERSION_ID=30
VERSION_CODENAME=""
PLATFORM_ID="platform:f30"
PRETTY_NAME="Fedora 30 (Server Edition)"
ANSI_COLOR="0;34"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:30"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="
https://docs.fedoraproject.org/en-US/fedora/f30/system-administrators-guide/
"
SUPPORT_URL="
https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=30
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=30
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Server Edition"
VARIANT_ID=server

and "pki-server-10.8.0-0.1.fc30.noarch"

What can be a reason of SCEP bug?
Can it be fixed?
How could we use SCEP in this conditions?
Can you at least point a direction to fix it? or it is hopeless to make
SCEP work?


On Fri, 2019-09-13 at 15:14 -0400, Dinesh Prasanth Moluguwan
Krishnamoorthy wrote:
> On Wed, 2019-09-11 at 09:20 +0300, Pavel Ryabikh wrote:
> > This is the result of "rpm -qa | grep pki":
> > 
> > pki-tools-10.8.0-0.1.fc30.x86_64
> > pki-javadoc-10.8.0-0.1.fc30.noarch
> > python3-pki-10.8.0-0.1.fc30.noarch
> > pki-ca-10.8.0-0.1.fc30.noarch
> > dogtag-pki-console-theme-10.8.0-0.1.fc30.noarch
> > pki-server-10.8.0-0.1.fc30.noarch
> > pki-tks-10.8.0-0.1.fc30.noarch
> > dogtag-pki-10.8.0-0.1.fc30.x86_64
> > pki-base-java-10.8.0-0.1.fc30.noarch
> > pki-symkey-10.8.0-0.1.fc30.x86_64
> > pki-ocsp-10.8.0-0.1.fc30.noarch
> > dogtag-pki-server-theme-10.8.0-0.1.fc30.noarch
> > pki-base-10.8.0-0.1.fc30.noarch
> > pki-kra-10.8.0-0.1.fc30.noarch
> > pki-console-10.8.0-0.1.fc30.noarch
> > pki-tps-10.8.0-0.1.fc30.x86_64
> > 
> > Does it help to fix the problem ?
> Pavel,
> 
> No, it does not. But, helps to identify the issue.
> 
> As per your original email, you are using Fedora 29 system. But, the
> packages installed seem to be built on **Fedora 30**. We don't
> support
> installing Fedora 30 packages on Fedora 29.
> 
> Also, I see that you are using PKI 10.8.0 version. We haven't
> officially released it on Fedora. The latest official release is pki-
> core-10.7.3-3
> 
> Regards,
> --Dinesh
> 
> > 
> > On Tue, 2019-09-10 at 12:16 -0400, Dinesh Prasanth Moluguwan
> > Krishnamoorthy wrote:
> > > Hi Pavel,
> > > 
> > > There was a recent merger of pki-cmscore.jar into pki-cms.jar
> > > [1].
> > > As
> > > a
> > > consequence,
> > > `com.netscape.cms.servlet.cert.scep.ChallengePassword`
> > > was
> > > also affected. I suspect there is some mismatch in the installed
> > > version of the packages.
> > > 
> > > Can you post the result of:
> > > 
> > > `rpm -qa | grep pki` ?
> > > 
> > > [1] 
> > > https://github.com/dogtagpki/pki/commits/master/base/server/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
> > > 
> > > Regards,
> > > --Dinesh
> > > 
> > > On Mon, 2019-09-09 at 10:32 +0300, Pavel Ryabikh wrote:
> > > > Hello dear PKI-users!
> > > > 
> > > > Our pki system version is:
> > > > Fedora 29. 
> > > > pki-server-10.8.0-0.1.fc30.noarch
> > > > 
> > > > We are configured SCEP following:
> > > > https://www.dogtagpki.org/wiki/SCEP_Setup
> > > > 
> > > > CS.cfg:
> > > > ...
> > > > ca.scep.allowedEncryptionAlgorithms=DES,DES3
> > > > ca.scep.allowedHashAlgorithms=MD5,SHA1,SHA256,SHA512
> > > > ca.scep.enable=true
> > > > ca.scep.encryptionAlgorithm=DES
> > > > ca.scep.hashAlgorithm=MD5
> > > > ca.scep.nonceSizeLimit=16
> > > > ...
> > > > 
> > > > we also
> > > > - installed SSCEP client
> > > > - generated CA certificate
> > > > $ sscep getca -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe
> > > > -c
> > > > ca.crt
> > > > it is checked by
> > > > $ openssl x509 -in ca.crt -text
> > > > and it is correct
> > > > - generated CSR request and a key
> > > > $ /usr/bin/mkrequest -ip 172.16.24.238 Uojs93wkfd0IS
> > > > 
> > > > and when trying to test enroll we are getting the followng
> > > > error:
> > > > (Could not unwrap PKCS10 blob:
> > > > java.security.cert.CertificateException:
> > > > Error instantiating class for challenge_password
> > > > java.lang.ClassNotFoundException): 
> > > > 
> > > > # sscep enroll -u http://$HOSTNAME:8080/ca/cgi-
> > > > bin/pkiclient.exe
> > > > -c
> > > > ca.crt -k local.key -r local.csr -l cert.crt -d
> > > > 
> > > > sscep: starting sscep, version 0.6.1
> > > > sscep: new transaction
> > > > sscep: transaction id: D41D8CD98F00B204E9800998ECF8427E
> > > > sscep: hostname: ca.lvm.postmet.com
> > > > sscep: directory: ca/cgi-bin/pkiclient.exe
> > > > sscep: port: 8080
> > > > sscep:  Read request with transaction id:
> > > > 9A6C3918C54DB994E7E951505983A181
> > > > sscep: generating selfsigned certificate
> > > > sscep: SCEP_OPERATION_ENROLL
> > > > sscep: sending certificate request
> > > > sscep: creating inner PKCS#7
> > > > sscep: inner PKCS#7 in mem BIO 
> > > > sscep: request data dump 
> > > > -----BEGIN CERTIFICATE REQUEST-----
> > > > MIIBmz..........GDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhki
> > > > G
> > > > 9w0BAQEFAAOBjQAwgYkCgYEAsfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39
> > > > M
> > > > ACJqfgxU6os8Kh6sElQcjXn5lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIp
> > > > Q
> > > > Kr9c6oZIcvUc0mBWpDbv3jcqdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6
> > > > /
> > > > ckUCAwEAAaBDMBwGCSqGSIb3DQEJBzEPDA1Vb2pzOTN3a2ZkMElTMCMGCSqGSIb
> > > > 3
> > > > DQEJDjEWMBQwEgYDVR0RAQH/BAgwBocErBAY7jANBgkqhkiG9w0BAQsFAAOBgQA
> > > > 5
> > > > URuLsrH0bKtBqrNiaPT1nMQ+fRAJ6Ckjfj/pQsyXO0Nll7blBdbErOtSzDR5yV9
> > > > 1
> > > > g6/oin5LPn/RwT1hATfjCniF4UVfotLnFjKQe7icsS82gl2FNT+pG1CjTAqxJqZ
> > > > O
> > > > oBe+ZWzs4cx7wHerjk5u8baz79XFfkQyCdL6QRVlTA==
> > > > -----END CERTIFICATE REQUEST-----
> > > > sscep: data payload size: 415 bytes
> > > > 
> > > >  sscep: hexdump request payload 
> > > > 3082019b3082010402010030183116301406035504030c0d3137322e31362e3
> > > > 23
> > > > 42
> > > > e3
> > > > 23
> > > > 33830819f300d06092a864886f70d010101050003818d0030818902818100b1
> > > > f7
> > > > a8
> > > > 6c
> > > > 4d
> > > > d44eab7849df6f3e7c86fae8336d6f6e1b59d7966f15bf7f4c00226a7e0c54e
> > > > a8
> > > > b3
> > > > c2
> > > > a1
> > > > eac12541c8d79f994d8b2f0bed5017fceab2a7648471be2a02820c0813132cd
> > > > ed
> > > > 4c
> > > > d1
> > > > 1c
> > > > 8a502abf5cea864872f51cd26056a436efde372a7537c5d4ca08b36feac8054
> > > > f8
> > > > 36
> > > > 7f
> > > > 9b
> > > > 19e36575c3c20367a4ccdc964aebf72450203010001a043301c06092a864886
> > > > f7
> > > > 0d
> > > > 01
> > > > 09
> > > > 07310f0c0d556f6a733933776b6664304953302306092a864886f70d01090e3
> > > > 11
> > > > 63
> > > > 01
> > > > 43
> > > > 0120603551d110101ff040830068704ac1018ee300d06092a864886f70d0101
> > > > 0b
> > > > 05
> > > > 00
> > > > 03
> > > > 81810039511b8bb2b1f46cab41aab36268f4f59cc43e7d1009e829237e3fe94
> > > > 2c
> > > > c9
> > > > 73
> > > > b4
> > > > 36597b6e505d6c4aceb52cc3479c95f7583afe88a7e4b3e7fd1c13d610137e3
> > > > 0a
> > > > 78
> > > > 85
> > > > e1
> > > > 455fa2d2e71632907bb89cb12f36825d85353fa91b50a34c0ab126a64ea017b
> > > > e6
> > > > 56
> > > > ce
> > > > ce
> > > > 1cc7bc077ab8e4e6ef1b6b3efd5c57e443209d2fa4115654c
> > > >  sscep: hexdump payload 415 
> > > > sscep: successfully encrypted payload
> > > > sscep: envelope size: 956 bytes
> > > > sscep: printing PEM fomatted PKCS#7
> > > > -----BEGIN PKCS7-----
> > > > MIIDu..........NAQcDoIIDqTCCA6UCAQAxggHYMIIB1AIBADCBuzCBpTELMAk
> > > > G
> > > > A1UEBhMCU0MxGTAXBgNVBAgTEE1haGUsIFNleWNoZWxsZXMxHDAaBgNVBAoTE1B
> > > > v
> > > > c3RNZXQgQ29ycG9yYXRpb24xGTAXBgNVBAsTEFNTTCBrZXkgZGl2aXNpb24xIDA
> > > > e
> > > > BgNVBAMTF1Bvc3RNZXQgUm9vdCBDQSBDbGFzcyAxMSAwHgYJKoZIhvcNAQkBFhF
> > > > h
> > > > ZG1pbkBwb3N0bWV0LmNvbQIRE0hlg2RXY0h1Y0doMWQ1h8EwDQYJKoZIhvcNAQE
> > > > B
> > > > BQAEggEAgHq5KowCLbOAX/E3YRrheGwmQqHHHCf2mPHEAx835nifRSd1pPbU958
> > > > 7
> > > > 8zOFihn+BY76caLss0eJyjTmh68mksh9Qzgc8sewyPWWgq2ilnE3eZtiiGpjf6G
> > > > j
> > > > e7AN38gY4y6MU0NU04r/E16tcPAuP+/7mmrr+Lh4PYxSn/LkXFy9GOdnGaTmaph
> > > > v
> > > > L0qwxb1pS4OO765cumy5IFyJHAn3O5EyNJYuxNPuoXu8azxACKb19SVnEuay0Z2
> > > > W
> > > > L0/WCYMNpN6kdX/1KceTlg6Gu8oxqVwBvHUewLvn91Lyy8d+EgPMJOPTXRnZSC4
> > > > 9
> > > > U4AUes2yA9Idbt4ZLNNIktdsK6MhgjCCAcIGCSqGSIb3DQEHATARBgUrDgMCBwQ
> > > > I
> > > > +d5X8SPX45KAggGg1CRRmVhAwHcj2zE7uScsfMUzyDiuw3c7fdy3W653pYswYVe
> > > > l
> > > > CpqQbK6chMv6ya1OCi3G1dMY3+M1sa21nc30tpAeF1MonFD9YSTuvTJVYHo5gAo
> > > > b
> > > > mjnhNsYL+7H0VGWiRzmDNG+HzgUzQbrdk5vFd/4Wbc5UMTy++7PdXO8e+e300FT
> > > > l
> > > > iM96uijNS6QoZruM8vp2eNn1IymLwFv8xfwibJnzAz0SYXpbRJK9I+39g5rGA1/
> > > > s
> > > > uTRAa7W2Bc4lp71ROdsHBH3aJDYkzcrffd9nGy+b5icnRZa2S6TJTOEQkWpQos5
> > > > k
> > > > YQMi8+/3Chb8IBeH8HQ6/23PjjqIFVAHxj+pPlpiN4psx/10i9WAHzMBfUnodpP
> > > > E
> > > > +yqKLTFmo037A/LNEH4NorN9E/yPDsHVp3gwjMG60cLO9ipQHCMMjpCxQF4jwaT
> > > > C
> > > > 5W0fZd8uVZyayBXR0qLKBAhhtz6Y6k3zcXUBNjqKO1tyCUemndxLbuMPBMB1JZ7
> > > > c
> > > > Km7TipKk+LCMNBwVbLFIPCGQUchzGnJD+fzaQKLTca9fKieLpca8Ui/Ur8o=
> > > > -----END PKCS7-----
> > > > sscep: creating outer PKCS#7
> > > > sscep: signature added successfully
> > > > sscep: adding signed attributes
> > > > sscep: adding string attribute transId
> > > > sscep: adding string attribute messageType
> > > > sscep: adding octet attribute senderNonce
> > > > sscep: PKCS#7 data written successfully
> > > > sscep: printing PEM fomatted PKCS#7
> > > > -----BEGIN PKCS7-----
> > > > MIIHc..........NAQcCoIIHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwY
> > > > J
> > > > KoZIhvcNAQcBoIIDwASCA7wwggO4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdg
> > > > w
> > > > ggHUAgEAMIG7MIGlMQswCQYDVQQGEwJTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2h
> > > > l
> > > > bGxlczEcMBoGA1UEChMTUG9zdE1ldCBDb3Jwb3JhdGlvbjEZMBcGA1UECxMQU1N
> > > > M
> > > > IGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9zdE1ldCBSb290IENBIENsYXNzIDE
> > > > x
> > > > IDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQuY29tAhETSGWDZFdjSHVjR2g
> > > > x
> > > > ZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf8TdhGuF4bCZCocccJ/a
> > > > Y
> > > > 8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaHryaSyH1DOBzyx7D
> > > > I
> > > > 9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/7/uaauv4uHg
> > > > 9
> > > > jFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0li7E0+6
> > > > h
> > > > e7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR7Au+f
> > > > 3
> > > > UvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJKoZ
> > > > I
> > > > hvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xTP
> > > > I
> > > > OK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4
> > > > X
> > > > UyicUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZ
> > > > t
> > > > zlQxPL77s91c7x757fTQVOWIz3q6KM1LpChmu4zy+nZ42fUjKYvAW/zF/CJsmfM
> > > > D
> > > > PRJheltEkr0j7f2DmsYDX+y5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5v
> > > > m
> > > > JydFlrZLpMlM4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc+OOogVUAfGP6k+WmI
> > > > 3
> > > > imzH/XSL1YAfMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbr
> > > > R
> > > > ws72KlAcIwyOkLFAXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo
> > > > 7
> > > > W3IJR6ad3Etu4w8EwHUlntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotN
> > > > x
> > > > r18qJ4ulxrxSL9SvyqCCAccwggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk
> > > > 0
> > > > RTdFOTUxNTA1OTgzQTE4MTANBgkqhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzI
> > > > u
> > > > MTYuMjQuMjM4MB4XDTE5MDkwOTA3MTIzMloXDTE5MDkxNTA5MTIzMlowGDEWMBQ
> > > > G
> > > > A1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYE
> > > > A
> > > > sfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39MACJqfgxU6os8Kh6sElQcjXn
> > > > 5
> > > > lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQKr9c6oZIcvUc0mBWpDbv3jc
> > > > q
> > > > dTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckUCAwEAATANBgkqhkiG9w0
> > > > B
> > > > AQQFAAOBgQATop2OWQJzY3Axds0+9PGPAc0xGtlUQ462teCwgkm6bbrBr7eYhQe
> > > > L
> > > > gsT07aesE+37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXHglt8nUUESy9ooF49
> > > > 0
> > > > TZDBIIQ5yBbMk+AYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGyELXxDGCAakwggG
> > > > l
> > > > AgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5MThDNTREQjk
> > > > 5
> > > > NEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBhvhFAQk
> > > > C
> > > > MQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8
> > > > X
> > > > DTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQ
> > > > w
> > > > IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG+EUBCQc
> > > > x
> > > > IhMgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQE
> > > > B
> > > > BQAEgYBThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyu
> > > > u
> > > > Ax/ohg2CAU8+g+k914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpD
> > > > b
> > > > zMp1TGXlKryeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg==
> > > > -----END PKCS7-----
> > > > sscep: applying base64 encoding
> > > > sscep: base64 encoded payload size: 2588 bytes
> > > > sscep: scep msg: GET /ca/cgi-
> > > > bin/pkiclient.exe?operation=PKIOperation&message=MIIHc.........
> > > > .N
> > > > AQ
> > > > cC
> > > > oI
> > > > IHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ%0AKoZIhvcNAQcBoIIDwA
> > > > SC
> > > > A7
> > > > ww
> > > > gg
> > > > O4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw%0AggHUAgEAMIG7MIGlMQswCQ
> > > > YD
> > > > VQ
> > > > QG
> > > > Ew
> > > > JTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl%0AbGxlczEcMBoGA1UEChMTUG9zdE
> > > > 1l
> > > > dC
> > > > BD
> > > > b3
> > > > Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM%0AIGtleSBkaXZpc2lvbjEgMB4GA1UEAx
> > > > MX
> > > > UG
> > > > 9z
> > > > dE
> > > > 1ldCBSb290IENBIENsYXNzIDEx%0AIDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3
> > > > Rt
> > > > ZX
> > > > Qu
> > > > Y2
> > > > 9tAhETSGWDZFdjSHVjR2gx%0AZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjA
> > > > It
> > > > s4
> > > > Bf
> > > > 8T
> > > > dhGuF4bCZCocccJ/aY%0A8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4
> > > > nK
> > > > NO
> > > > aH
> > > > ry
> > > > aSyH1DOBzyx7DI%0A9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq
> > > > 1w
> > > > 8C
> > > > 4/
> > > > 7/
> > > > uaauv4uHg9%0AjFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCf
> > > > c7
> > > > kT
> > > > I0
> > > > li
> > > > 7E0%2B6h%0Ae7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGp
> > > > XA
> > > > G8
> > > > dR
> > > > 7A
> > > > u%2Bf3%0AUvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMI
> > > > IB
> > > > wg
> > > > YJ
> > > > Ko
> > > > ZI%0AhvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jy
> > > > x8
> > > > xT
> > > > PI
> > > > %0
> > > > AOK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB
> > > > 4X
> > > > %0
> > > > AU
> > > > yi
> > > > cUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt%0
> > > > Az
> > > > lQ
> > > > xP
> > > > L7
> > > > 7s91c7x757fTQVOWIz3q6KM1LpChmu4zy%2BnZ42fUjKYvAW/zF/CJsmfMD%0AP
> > > > RJ
> > > > he
> > > > lt
> > > > Ek
> > > > r0j7f2DmsYDX%2By5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm%0AJyd
> > > > Fl
> > > > rZ
> > > > Lp
> > > > Ml
> > > > M4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc%2BOOogVUAfGP6k%2BWmI3%0Aimz
> > > > H/
> > > > XS
> > > > L1
> > > > YA
> > > > fMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR%0Aws72KlA
> > > > cI
> > > > wy
> > > > Ok
> > > > LF
> > > > AXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7%0AW3IJR6ad3Et
> > > > u4
> > > > w8
> > > > Ew
> > > > HU
> > > > lntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx%0Ar18qJ4ulxrxSL9S
> > > > vy
> > > > qC
> > > > CA
> > > > cc
> > > > wggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0%0ARTdFOTUxNTA1OTgzQTE
> > > > 4M
> > > > TA
> > > > NB
> > > > gk
> > > > qhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu%0AMTYuMjQuMjM4MB4XDTE5MDk
> > > > wO
> > > > TA
> > > > 3M
> > > > TI
> > > > zMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG%0AA1UEAwwNMTcyLjE2LjI0LjIzODC
> > > > Bn
> > > > zA
> > > > NB
> > > > gk
> > > > qhkiG9w0BAQEFAAOBjQAwgYkCgYEA%0AsfeobE3UTqt4Sd9vPnyG%2BugzbW9uG
> > > > 1n
> > > > Xl
> > > > m8
> > > > Vv
> > > > 39MACJqfgxU6os8Kh6sElQcjXn5%0AlNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7
> > > > Uz
> > > > RH
> > > > Ip
> > > > QK
> > > > r9c6oZIcvUc0mBWpDbv3jcq%0AdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZ
> > > > K6
> > > > /c
> > > > kU
> > > > CA
> > > > wEAATANBgkqhkiG9w0B%0AAQQFAAOBgQATop2OWQJzY3Axds0%2B9PGPAc0xGtl
> > > > UQ
> > > > 46
> > > > 2t
> > > > eC
> > > > wgkm6bbrBr7eYhQeL%0AgsT07aesE%2B37wrtOfmXBucDrdextS6OxW3g5KzC8G
> > > > p1
> > > > yP
> > > > XH
> > > > gl
> > > > t8nUUESy9ooF490%0ATZDBIIQ5yBbMk%2BAYy0IOWQURlNcc8RJ5LmJXnbq4G/e
> > > > tk
> > > > LG
> > > > Gy
> > > > EL
> > > > XxDGCAakwggGl%0AAgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE
> > > > 2Q
> > > > zM
> > > > 5M
> > > > Th
> > > > DNTREQjk5%0ANEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgp
> > > > gh
> > > > kg
> > > > Bh
> > > > vh
> > > > FAQkC%0AMQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvc
> > > > NA
> > > > Qk
> > > > FM
> > > > Q8
> > > > X%0ADTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGb
> > > > Ub
> > > > bQ
> > > > w%
> > > > 0A
> > > > IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG%2BEUBC
> > > > Qc
> > > > x%
> > > > 0A
> > > > Ih
> > > > MgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB%
> > > > 0A
> > > > BQ
> > > > AE
> > > > gY
> > > > BThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu%0AAx
> > > > /o
> > > > hg
> > > > 2C
> > > > AU
> > > > 8%2Bg%2Bk914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb%0AzM
> > > > p1
> > > > TG
> > > > Xl
> > > > Kr
> > > > yeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg%3D%3D%0A HTTP/1.0
> > > > 
> > > > sscep: server returned status code 500
> > > > sscep: mime_err: HTTP/1.1 500 
> > > > Content-Type: text/html;charset=utf-8
> > > > Content-Language: en
> > > > Content-Length: 3234
> > > > Date: Mon, 09 Sep 2019 07:12:32 GMT
> > > > Connection: close
> > > > 
> > > > <!doctype html><html lang="en"><head><title>HTTP Status 500 ?
> > > > Internal
> > > > Server Error</title><style type="text/css">h1 {font-
> > > > family:Tahoma,Arial,sans-serif;color:white;background-
> > > > color:#525D76;font-size:22px;} h2 {font-
> > > > family:Tahoma,Arial,sans-
> > > > serif;color:white;background-color:#525D76;font-size:16px;} h3
> > > > {font-
> > > > family:Tahoma,Arial,sans-serif;color:white;background-
> > > > color:#525D76;font-size:14px;} body {font-
> > > > family:Tahoma,Arial,sans-
> > > > serif;color:black;background-color:white;} b {font-
> > > > family:Tahoma,Arial,sans-serif;color:white;background-
> > > > color:#525D76;} 
> > > > p
> > > > {font-family:Tahoma,Arial,sans-
> > > > serif;background:white;color:black;font-
> > > > size:12px;} a {color:black;} a.name {color:black;} .line
> > > > {height:1px;background-
> > > > color:#525D76;border:none;}</style></head><body><h1>HTTP Status
> > > > 500
> > > > ?
> > > > Internal Server Error</h1><hr class="line" /><p><b>Type</b>
> > > > Exception
> > > > Report</p><p><b>Message</b> Couldn&#39;t handle CEP request
> > > > (PKCSReq)
> > > > -
> > > > Could not unwrap PKCS10 blob:
> > > > java.security.cert.CertificateException:
> > > > Error instantiating class for challenge_password
> > > > java.lang.ClassNotFoundException:
> > > > com.netscape.cms.servlet.cert.scep.ChallengePassword</p><p><b>D
> > > > es
> > > > cr
> > > > ip
> > > > ti
> > > > on</b> The server encountered an unexpected condition that
> > > > prevented
> > > > it
> > > > from fulfilling the
> > > > request.</p><p><b>Exception</b></p><pre>javax.servlet.ServletEx
> > > > ce
> > > > pt
> > > > io
> > > > n:
> > > > Couldn&#39;t handle CEP request (PKCSReq) - Could not unwrap
> > > > PKCS10
> > > > blob: java.security.cert.CertificateException: Error
> > > > instantiating
> > > > class for challenge_password java.lang.ClassNotFoundException:
> > > > com.netscape.cms.servlet.cert.scep.ChallengePassword
> > > >         com.netscape.cms.servlet.cert.scep.CRSEnrollment.servic
> > > > e(
> > > > CR
> > > > SE
> > > > nr
> > > > ollment.java:397)
> > > >         javax.servlet.http.HttpServlet.service(HttpServlet.java
> > > > :7
> > > > 41
> > > > )
> > > >         sun.reflect.GeneratedMethodAccessor48.invoke(Unknown
> > > > Source)
> > > >         sun.reflect.DelegatingMethodAccessorImpl.invoke(Delegat
> > > > in
> > > > gM
> > > > et
> > > > ho
> > > > dAccessorImpl.java:43)
> > > >         java.lang.reflect.Method.invoke(Method.java:498)
> > > >         org.apache.catalina.security.SecurityUtil$1.run(Securit
> > > > yU
> > > > ti
> > > > l.
> > > > ja
> > > > va:282)
> > > >         org.apache.catalina.security.SecurityUtil$1.run(Securit
> > > > yU
> > > > ti
> > > > l.
> > > > ja
> > > > va:279)
> > > >         java.security.AccessController.doPrivileged(Native
> > > > Method)
> > > >         javax.security.auth.Subject.doAsPrivileged(Subject.java
> > > > :5
> > > > 49
> > > > )
> > > >         org.apache.catalina.security.SecurityUtil.execute(Secur
> > > > it
> > > > yU
> > > > ti
> > > > l.
> > > > java:314)
> > > >         org.apache.catalina.security.SecurityUtil.doAsPrivilege
> > > > (S
> > > > ec
> > > > ur
> > > > it
> > > > yUtil.java:170)
> > > >         java.security.AccessController.doPrivileged(Native
> > > > Method)
> > > >         org.apache.tomcat.websocket.server.WsFilter.doFilter(Ws
> > > > Fi
> > > > lt
> > > > er
> > > > .j
> > > > ava:53)
> > > >         sun.reflect.GeneratedMethodAccessor47.invoke(Unknown
> > > > Source)
> > > >         sun.reflect.DelegatingMethodAccessorImpl.invoke(Delegat
> > > > in
> > > > gM
> > > > et
> > > > ho
> > > > dAccessorImpl.java:43)
> > > >         java.lang.reflect.Method.invoke(Method.java:498)
> > > >         org.apache.catalina.security.SecurityUtil$1.run(Securit
> > > > yU
> > > > ti
> > > > l.
> > > > ja
> > > > va:282)
> > > >         org.apache.catalina.security.SecurityUtil$1.run(Securit
> > > > yU
> > > > ti
> > > > l.
> > > > ja
> > > > va:279)
> > > >         java.security.AccessController.doPrivileged(Native
> > > > Method)
> > > >         javax.security.auth.Subject.doAsPrivileged(Subject.java
> > > > :5
> > > > 49
> > > > )
> > > >         org.apache.catalina.security.SecurityUtil.execute(Secur
> > > > it
> > > > yU
> > > > ti
> > > > l.
> > > > java:314)
> > > >         org.apache.catalina.security.SecurityUtil.doAsPrivilege
> > > > (S
> > > > ec
> > > > ur
> > > > it
> > > > yUtil.java:253)
> > > > </pre><p><b>Note</b> The full stack trace of the root cause is
> > > > available in the server logs.</p><hr class="line" /><h3>Apache
> > > > Tomcat/9.0.21</h3></body></html>
> > > > sscep: wrong (or missing) MIME content type
> > > > sscep: error while sending message
> > > > 
> > > > 
> > > > Why it is trying to unwrap PKCS10 if we are sending PKCS7 ?
> > > > How it can be fixed ?
> > > > I am sure you know it.
> > > > Please help.
> > > > 
> > > > 
> > > > 
-- 
Pavel Ryabih

PostMet Corporation
http://www.postmet.com 

Call to sip:pr at postmet.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6468 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-users/attachments/20190916/62a619cd/attachment.bin>

From dmoluguw at redhat.com  Mon Sep 16 14:33:37 2019
From: dmoluguw at redhat.com (Dinesh Prasanth Moluguwan Krishnamoorthy)
Date: Mon, 16 Sep 2019 10:33:37 -0400
Subject: [Pki-users] sscep enroll error
In-Reply-To: <a5eee899ee4c6f712f784d14f25eac48586ec989.camel@postmet.com>
References: <4aaa38b598ca9529d5061f0dd2686cbdd7f47451.camel@postmet.com>
	<579d7458101fa73047785be465ca799437405f98.camel@redhat.com>
	<bd714f2882de56f30033efe2cb332a338f241ed7.camel@postmet.com>
	<8a415b307d6729c802bb37c03039fa082f3c8f83.camel@redhat.com>
	<a5eee899ee4c6f712f784d14f25eac48586ec989.camel@postmet.com>
Message-ID: <40c22e64a32a4da8ad55059260a23f9f39ae67e9.camel@redhat.com>

Pavel,

The error you posted seems to be more of a issue with jar
files/classpaths rather than a bug in SCEP itself.

As mentioned before, it is best to try the officially released pki-
core-10.7.3-3 rather than building from master (which might have some
bugs).

If you face the same issue with 10.7.3-3, I'd suggest you to file a bug
against pki-core in https://bugzilla.redhat.com/ with required logs and
we'd be able to investigate deeper.

Regards,
--Dinesh

On Mon, 2019-09-16 at 09:11 +0300, Pavel Ryabikh wrote:
> Dear, Krishnamoorthy,
> 
> We are using Fedora 30 (Fedora 29 was a mistake, sorry):
> 
> $ cat /etc/os-release
> NAME=Fedora
> VERSION="30 (Server Edition)"
> ID=fedora
> VERSION_ID=30
> VERSION_CODENAME=""
> PLATFORM_ID="platform:f30"
> PRETTY_NAME="Fedora 30 (Server Edition)"
> ANSI_COLOR="0;34"
> LOGO=fedora-logo-icon
> CPE_NAME="cpe:/o:fedoraproject:fedora:30"
> HOME_URL="https://fedoraproject.org/"
> DOCUMENTATION_URL="
> https://docs.fedoraproject.org/en-US/fedora/f30/system-administrators-guide/
> "
> SUPPORT_URL="
> https://fedoraproject.org/wiki/Communicating_and_getting_help"
> BUG_REPORT_URL="https://bugzilla.redhat.com/"
> REDHAT_BUGZILLA_PRODUCT="Fedora"
> REDHAT_BUGZILLA_PRODUCT_VERSION=30
> REDHAT_SUPPORT_PRODUCT="Fedora"
> REDHAT_SUPPORT_PRODUCT_VERSION=30
> PRIVACY_POLICY_URL="
> https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
> VARIANT="Server Edition"
> VARIANT_ID=server
> 
> and "pki-server-10.8.0-0.1.fc30.noarch"
> 
> What can be a reason of SCEP bug?
> Can it be fixed?
> How could we use SCEP in this conditions?
> Can you at least point a direction to fix it? or it is hopeless to
> make
> SCEP work?
> 
> 
> On Fri, 2019-09-13 at 15:14 -0400, Dinesh Prasanth Moluguwan
> Krishnamoorthy wrote:
> > On Wed, 2019-09-11 at 09:20 +0300, Pavel Ryabikh wrote:
> > > This is the result of "rpm -qa | grep pki":
> > > 
> > > pki-tools-10.8.0-0.1.fc30.x86_64
> > > pki-javadoc-10.8.0-0.1.fc30.noarch
> > > python3-pki-10.8.0-0.1.fc30.noarch
> > > pki-ca-10.8.0-0.1.fc30.noarch
> > > dogtag-pki-console-theme-10.8.0-0.1.fc30.noarch
> > > pki-server-10.8.0-0.1.fc30.noarch
> > > pki-tks-10.8.0-0.1.fc30.noarch
> > > dogtag-pki-10.8.0-0.1.fc30.x86_64
> > > pki-base-java-10.8.0-0.1.fc30.noarch
> > > pki-symkey-10.8.0-0.1.fc30.x86_64
> > > pki-ocsp-10.8.0-0.1.fc30.noarch
> > > dogtag-pki-server-theme-10.8.0-0.1.fc30.noarch
> > > pki-base-10.8.0-0.1.fc30.noarch
> > > pki-kra-10.8.0-0.1.fc30.noarch
> > > pki-console-10.8.0-0.1.fc30.noarch
> > > pki-tps-10.8.0-0.1.fc30.x86_64
> > > 
> > > Does it help to fix the problem ?
> > Pavel,
> > 
> > No, it does not. But, helps to identify the issue.
> > 
> > As per your original email, you are using Fedora 29 system. But,
> > the
> > packages installed seem to be built on **Fedora 30**. We don't
> > support
> > installing Fedora 30 packages on Fedora 29.
> > 
> > Also, I see that you are using PKI 10.8.0 version. We haven't
> > officially released it on Fedora. The latest official release is
> > pki-
> > core-10.7.3-3
> > 
> > Regards,
> > --Dinesh
> > 
> > > On Tue, 2019-09-10 at 12:16 -0400, Dinesh Prasanth Moluguwan
> > > Krishnamoorthy wrote:
> > > > Hi Pavel,
> > > > 
> > > > There was a recent merger of pki-cmscore.jar into pki-cms.jar
> > > > [1].
> > > > As
> > > > a
> > > > consequence,
> > > > `com.netscape.cms.servlet.cert.scep.ChallengePassword`
> > > > was
> > > > also affected. I suspect there is some mismatch in the
> > > > installed
> > > > version of the packages.
> > > > 
> > > > Can you post the result of:
> > > > 
> > > > `rpm -qa | grep pki` ?
> > > > 
> > > > [1] 
> > > > https://github.com/dogtagpki/pki/commits/master/base/server/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
> > > > 
> > > > Regards,
> > > > --Dinesh
> > > > 
> > > > On Mon, 2019-09-09 at 10:32 +0300, Pavel Ryabikh wrote:
> > > > > Hello dear PKI-users!
> > > > > 
> > > > > Our pki system version is:
> > > > > Fedora 29. 
> > > > > pki-server-10.8.0-0.1.fc30.noarch
> > > > > 
> > > > > We are configured SCEP following:
> > > > > https://www.dogtagpki.org/wiki/SCEP_Setup
> > > > > 
> > > > > CS.cfg:
> > > > > ...
> > > > > ca.scep.allowedEncryptionAlgorithms=DES,DES3
> > > > > ca.scep.allowedHashAlgorithms=MD5,SHA1,SHA256,SHA512
> > > > > ca.scep.enable=true
> > > > > ca.scep.encryptionAlgorithm=DES
> > > > > ca.scep.hashAlgorithm=MD5
> > > > > ca.scep.nonceSizeLimit=16
> > > > > ...
> > > > > 
> > > > > we also
> > > > > - installed SSCEP client
> > > > > - generated CA certificate
> > > > > $ sscep getca -u http://$HOSTNAME:8080/ca/cgi-
> > > > > bin/pkiclient.exe
> > > > > -c
> > > > > ca.crt
> > > > > it is checked by
> > > > > $ openssl x509 -in ca.crt -text
> > > > > and it is correct
> > > > > - generated CSR request and a key
> > > > > $ /usr/bin/mkrequest -ip 172.16.24.238 Uojs93wkfd0IS
> > > > > 
> > > > > and when trying to test enroll we are getting the followng
> > > > > error:
> > > > > (Could not unwrap PKCS10 blob:
> > > > > java.security.cert.CertificateException:
> > > > > Error instantiating class for challenge_password
> > > > > java.lang.ClassNotFoundException): 
> > > > > 
> > > > > # sscep enroll -u http://$HOSTNAME:8080/ca/cgi-
> > > > > bin/pkiclient.exe
> > > > > -c
> > > > > ca.crt -k local.key -r local.csr -l cert.crt -d
> > > > > 
> > > > > sscep: starting sscep, version 0.6.1
> > > > > sscep: new transaction
> > > > > sscep: transaction id: D41D8CD98F00B204E9800998ECF8427E
> > > > > sscep: hostname: ca.lvm.postmet.com
> > > > > sscep: directory: ca/cgi-bin/pkiclient.exe
> > > > > sscep: port: 8080
> > > > > sscep:  Read request with transaction id:
> > > > > 9A6C3918C54DB994E7E951505983A181
> > > > > sscep: generating selfsigned certificate
> > > > > sscep: SCEP_OPERATION_ENROLL
> > > > > sscep: sending certificate request
> > > > > sscep: creating inner PKCS#7
> > > > > sscep: inner PKCS#7 in mem BIO 
> > > > > sscep: request data dump 
> > > > > -----BEGIN CERTIFICATE REQUEST-----
> > > > > MIIBmz..........GDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqh
> > > > > ki
> > > > > G
> > > > > 9w0BAQEFAAOBjQAwgYkCgYEAsfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv
> > > > > 39
> > > > > M
> > > > > ACJqfgxU6os8Kh6sElQcjXn5lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRH
> > > > > Ip
> > > > > Q
> > > > > Kr9c6oZIcvUc0mBWpDbv3jcqdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZ
> > > > > K6
> > > > > /
> > > > > ckUCAwEAAaBDMBwGCSqGSIb3DQEJBzEPDA1Vb2pzOTN3a2ZkMElTMCMGCSqGS
> > > > > Ib
> > > > > 3
> > > > > DQEJDjEWMBQwEgYDVR0RAQH/BAgwBocErBAY7jANBgkqhkiG9w0BAQsFAAOBg
> > > > > QA
> > > > > 5
> > > > > URuLsrH0bKtBqrNiaPT1nMQ+fRAJ6Ckjfj/pQsyXO0Nll7blBdbErOtSzDR5y
> > > > > V9
> > > > > 1
> > > > > g6/oin5LPn/RwT1hATfjCniF4UVfotLnFjKQe7icsS82gl2FNT+pG1CjTAqxJ
> > > > > qZ
> > > > > O
> > > > > oBe+ZWzs4cx7wHerjk5u8baz79XFfkQyCdL6QRVlTA==
> > > > > -----END CERTIFICATE REQUEST-----
> > > > > sscep: data payload size: 415 bytes
> > > > > 
> > > > >  sscep: hexdump request payload 
> > > > > 3082019b3082010402010030183116301406035504030c0d3137322e31362
> > > > > e3
> > > > > 23
> > > > > 42
> > > > > e3
> > > > > 23
> > > > > 33830819f300d06092a864886f70d010101050003818d0030818902818100
> > > > > b1
> > > > > f7
> > > > > a8
> > > > > 6c
> > > > > 4d
> > > > > d44eab7849df6f3e7c86fae8336d6f6e1b59d7966f15bf7f4c00226a7e0c5
> > > > > 4e
> > > > > a8
> > > > > b3
> > > > > c2
> > > > > a1
> > > > > eac12541c8d79f994d8b2f0bed5017fceab2a7648471be2a02820c0813132
> > > > > cd
> > > > > ed
> > > > > 4c
> > > > > d1
> > > > > 1c
> > > > > 8a502abf5cea864872f51cd26056a436efde372a7537c5d4ca08b36feac80
> > > > > 54
> > > > > f8
> > > > > 36
> > > > > 7f
> > > > > 9b
> > > > > 19e36575c3c20367a4ccdc964aebf72450203010001a043301c06092a8648
> > > > > 86
> > > > > f7
> > > > > 0d
> > > > > 01
> > > > > 09
> > > > > 07310f0c0d556f6a733933776b6664304953302306092a864886f70d01090
> > > > > e3
> > > > > 11
> > > > > 63
> > > > > 01
> > > > > 43
> > > > > 0120603551d110101ff040830068704ac1018ee300d06092a864886f70d01
> > > > > 01
> > > > > 0b
> > > > > 05
> > > > > 00
> > > > > 03
> > > > > 81810039511b8bb2b1f46cab41aab36268f4f59cc43e7d1009e829237e3fe
> > > > > 94
> > > > > 2c
> > > > > c9
> > > > > 73
> > > > > b4
> > > > > 36597b6e505d6c4aceb52cc3479c95f7583afe88a7e4b3e7fd1c13d610137
> > > > > e3
> > > > > 0a
> > > > > 78
> > > > > 85
> > > > > e1
> > > > > 455fa2d2e71632907bb89cb12f36825d85353fa91b50a34c0ab126a64ea01
> > > > > 7b
> > > > > e6
> > > > > 56
> > > > > ce
> > > > > ce
> > > > > 1cc7bc077ab8e4e6ef1b6b3efd5c57e443209d2fa4115654c
> > > > >  sscep: hexdump payload 415 
> > > > > sscep: successfully encrypted payload
> > > > > sscep: envelope size: 956 bytes
> > > > > sscep: printing PEM fomatted PKCS#7
> > > > > -----BEGIN PKCS7-----
> > > > > MIIDu..........NAQcDoIIDqTCCA6UCAQAxggHYMIIB1AIBADCBuzCBpTELM
> > > > > Ak
> > > > > G
> > > > > A1UEBhMCU0MxGTAXBgNVBAgTEE1haGUsIFNleWNoZWxsZXMxHDAaBgNVBAoTE
> > > > > 1B
> > > > > v
> > > > > c3RNZXQgQ29ycG9yYXRpb24xGTAXBgNVBAsTEFNTTCBrZXkgZGl2aXNpb24xI
> > > > > DA
> > > > > e
> > > > > BgNVBAMTF1Bvc3RNZXQgUm9vdCBDQSBDbGFzcyAxMSAwHgYJKoZIhvcNAQkBF
> > > > > hF
> > > > > h
> > > > > ZG1pbkBwb3N0bWV0LmNvbQIRE0hlg2RXY0h1Y0doMWQ1h8EwDQYJKoZIhvcNA
> > > > > QE
> > > > > B
> > > > > BQAEggEAgHq5KowCLbOAX/E3YRrheGwmQqHHHCf2mPHEAx835nifRSd1pPbU9
> > > > > 58
> > > > > 7
> > > > > 8zOFihn+BY76caLss0eJyjTmh68mksh9Qzgc8sewyPWWgq2ilnE3eZtiiGpjf
> > > > > 6G
> > > > > j
> > > > > e7AN38gY4y6MU0NU04r/E16tcPAuP+/7mmrr+Lh4PYxSn/LkXFy9GOdnGaTma
> > > > > ph
> > > > > v
> > > > > L0qwxb1pS4OO765cumy5IFyJHAn3O5EyNJYuxNPuoXu8azxACKb19SVnEuay0
> > > > > Z2
> > > > > W
> > > > > L0/WCYMNpN6kdX/1KceTlg6Gu8oxqVwBvHUewLvn91Lyy8d+EgPMJOPTXRnZS
> > > > > C4
> > > > > 9
> > > > > U4AUes2yA9Idbt4ZLNNIktdsK6MhgjCCAcIGCSqGSIb3DQEHATARBgUrDgMCB
> > > > > wQ
> > > > > I
> > > > > +d5X8SPX45KAggGg1CRRmVhAwHcj2zE7uScsfMUzyDiuw3c7fdy3W653pYswY
> > > > > Ve
> > > > > l
> > > > > CpqQbK6chMv6ya1OCi3G1dMY3+M1sa21nc30tpAeF1MonFD9YSTuvTJVYHo5g
> > > > > Ao
> > > > > b
> > > > > mjnhNsYL+7H0VGWiRzmDNG+HzgUzQbrdk5vFd/4Wbc5UMTy++7PdXO8e+e300
> > > > > FT
> > > > > l
> > > > > iM96uijNS6QoZruM8vp2eNn1IymLwFv8xfwibJnzAz0SYXpbRJK9I+39g5rGA
> > > > > 1/
> > > > > s
> > > > > uTRAa7W2Bc4lp71ROdsHBH3aJDYkzcrffd9nGy+b5icnRZa2S6TJTOEQkWpQo
> > > > > s5
> > > > > k
> > > > > YQMi8+/3Chb8IBeH8HQ6/23PjjqIFVAHxj+pPlpiN4psx/10i9WAHzMBfUnod
> > > > > pP
> > > > > E
> > > > > +yqKLTFmo037A/LNEH4NorN9E/yPDsHVp3gwjMG60cLO9ipQHCMMjpCxQF4jw
> > > > > aT
> > > > > C
> > > > > 5W0fZd8uVZyayBXR0qLKBAhhtz6Y6k3zcXUBNjqKO1tyCUemndxLbuMPBMB1J
> > > > > Z7
> > > > > c
> > > > > Km7TipKk+LCMNBwVbLFIPCGQUchzGnJD+fzaQKLTca9fKieLpca8Ui/Ur8o=
> > > > > -----END PKCS7-----
> > > > > sscep: creating outer PKCS#7
> > > > > sscep: signature added successfully
> > > > > sscep: adding signed attributes
> > > > > sscep: adding string attribute transId
> > > > > sscep: adding string attribute messageType
> > > > > sscep: adding octet attribute senderNonce
> > > > > sscep: PKCS#7 data written successfully
> > > > > sscep: printing PEM fomatted PKCS#7
> > > > > -----BEGIN PKCS7-----
> > > > > MIIHc..........NAQcCoIIHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDz
> > > > > wY
> > > > > J
> > > > > KoZIhvcNAQcBoIIDwASCA7wwggO4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCA
> > > > > dg
> > > > > w
> > > > > ggHUAgEAMIG7MIGlMQswCQYDVQQGEwJTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y
> > > > > 2h
> > > > > l
> > > > > bGxlczEcMBoGA1UEChMTUG9zdE1ldCBDb3Jwb3JhdGlvbjEZMBcGA1UECxMQU
> > > > > 1N
> > > > > M
> > > > > IGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9zdE1ldCBSb290IENBIENsYXNzI
> > > > > DE
> > > > > x
> > > > > IDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQuY29tAhETSGWDZFdjSHVjR
> > > > > 2g
> > > > > x
> > > > > ZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf8TdhGuF4bCZCocccJ
> > > > > /a
> > > > > Y
> > > > > 8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaHryaSyH1DOBzyx
> > > > > 7D
> > > > > I
> > > > > 9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/7/uaauv4u
> > > > > Hg
> > > > > 9
> > > > > jFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0li7E0
> > > > > +6
> > > > > h
> > > > > e7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR7Au
> > > > > +f
> > > > > 3
> > > > > UvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJK
> > > > > oZ
> > > > > I
> > > > > hvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8x
> > > > > TP
> > > > > I
> > > > > OK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2k
> > > > > B4
> > > > > X
> > > > > UyicUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/
> > > > > hZ
> > > > > t
> > > > > zlQxPL77s91c7x757fTQVOWIz3q6KM1LpChmu4zy+nZ42fUjKYvAW/zF/CJsm
> > > > > fM
> > > > > D
> > > > > PRJheltEkr0j7f2DmsYDX+y5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL
> > > > > 5v
> > > > > m
> > > > > JydFlrZLpMlM4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc+OOogVUAfGP6k+W
> > > > > mI
> > > > > 3
> > > > > imzH/XSL1YAfMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMw
> > > > > br
> > > > > R
> > > > > ws72KlAcIwyOkLFAXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2O
> > > > > oo
> > > > > 7
> > > > > W3IJR6ad3Etu4w8EwHUlntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAo
> > > > > tN
> > > > > x
> > > > > r18qJ4ulxrxSL9SvyqCCAccwggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCO
> > > > > Tk
> > > > > 0
> > > > > RTdFOTUxNTA1OTgzQTE4MTANBgkqhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xN
> > > > > zI
> > > > > u
> > > > > MTYuMjQuMjM4MB4XDTE5MDkwOTA3MTIzMloXDTE5MDkxNTA5MTIzMlowGDEWM
> > > > > BQ
> > > > > G
> > > > > A1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCg
> > > > > YE
> > > > > A
> > > > > sfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39MACJqfgxU6os8Kh6sElQcj
> > > > > Xn
> > > > > 5
> > > > > lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQKr9c6oZIcvUc0mBWpDbv3
> > > > > jc
> > > > > q
> > > > > dTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckUCAwEAATANBgkqhkiG9
> > > > > w0
> > > > > B
> > > > > AQQFAAOBgQATop2OWQJzY3Axds0+9PGPAc0xGtlUQ462teCwgkm6bbrBr7eYh
> > > > > Qe
> > > > > L
> > > > > gsT07aesE+37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXHglt8nUUESy9ooF
> > > > > 49
> > > > > 0
> > > > > TZDBIIQ5yBbMk+AYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGyELXxDGCAakwg
> > > > > gG
> > > > > l
> > > > > AgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5MThDNTREQ
> > > > > jk
> > > > > 5
> > > > > NEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBhvhFA
> > > > > Qk
> > > > > C
> > > > > MQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFM
> > > > > Q8
> > > > > X
> > > > > DTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUb
> > > > > bQ
> > > > > w
> > > > > IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG+EUBC
> > > > > Qc
> > > > > x
> > > > > IhMgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNA
> > > > > QE
> > > > > B
> > > > > BQAEgYBThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAd
> > > > > yu
> > > > > u
> > > > > Ax/ohg2CAU8+g+k914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWx
> > > > > pD
> > > > > b
> > > > > zMp1TGXlKryeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg==
> > > > > -----END PKCS7-----
> > > > > sscep: applying base64 encoding
> > > > > sscep: base64 encoded payload size: 2588 bytes
> > > > > sscep: scep msg: GET /ca/cgi-
> > > > > bin/pkiclient.exe?operation=PKIOperation&message=MIIHc.......
> > > > > ..
> > > > > .N
> > > > > AQ
> > > > > cC
> > > > > oI
> > > > > IHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ%0AKoZIhvcNAQcBoIID
> > > > > wA
> > > > > SC
> > > > > A7
> > > > > ww
> > > > > gg
> > > > > O4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw%0AggHUAgEAMIG7MIGlMQsw
> > > > > CQ
> > > > > YD
> > > > > VQ
> > > > > QG
> > > > > Ew
> > > > > JTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl%0AbGxlczEcMBoGA1UEChMTUG9z
> > > > > dE
> > > > > 1l
> > > > > dC
> > > > > BD
> > > > > b3
> > > > > Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM%0AIGtleSBkaXZpc2lvbjEgMB4GA1UE
> > > > > Ax
> > > > > MX
> > > > > UG
> > > > > 9z
> > > > > dE
> > > > > 1ldCBSb290IENBIENsYXNzIDEx%0AIDAeBgkqhkiG9w0BCQEWEWFkbWluQHBv
> > > > > c3
> > > > > Rt
> > > > > ZX
> > > > > Qu
> > > > > Y2
> > > > > 9tAhETSGWDZFdjSHVjR2gx%0AZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkq
> > > > > jA
> > > > > It
> > > > > s4
> > > > > Bf
> > > > > 8T
> > > > > dhGuF4bCZCocccJ/aY%0A8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4Fjvpxouyz
> > > > > R4
> > > > > nK
> > > > > NO
> > > > > aH
> > > > > ry
> > > > > aSyH1DOBzyx7DI%0A9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8T
> > > > > Xq
> > > > > 1w
> > > > > 8C
> > > > > 4/
> > > > > 7/
> > > > > uaauv4uHg9%0AjFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkc
> > > > > Cf
> > > > > c7
> > > > > kT
> > > > > I0
> > > > > li
> > > > > 7E0%2B6h%0Ae7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yj
> > > > > Gp
> > > > > XA
> > > > > G8
> > > > > dR
> > > > > 7A
> > > > > u%2Bf3%0AUvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGC
> > > > > MI
> > > > > IB
> > > > > wg
> > > > > YJ
> > > > > Ko
> > > > > ZI%0AhvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5
> > > > > Jy
> > > > > x8
> > > > > xT
> > > > > PI
> > > > > %0
> > > > > AOK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2
> > > > > kB
> > > > > 4X
> > > > > %0
> > > > > AU
> > > > > yi
> > > > > cUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt
> > > > > %0
> > > > > Az
> > > > > lQ
> > > > > xP
> > > > > L7
> > > > > 7s91c7x757fTQVOWIz3q6KM1LpChmu4zy%2BnZ42fUjKYvAW/zF/CJsmfMD%0
> > > > > AP
> > > > > RJ
> > > > > he
> > > > > lt
> > > > > Ek
> > > > > r0j7f2DmsYDX%2By5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm%0AJ
> > > > > yd
> > > > > Fl
> > > > > rZ
> > > > > Lp
> > > > > Ml
> > > > > M4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc%2BOOogVUAfGP6k%2BWmI3%0Ai
> > > > > mz
> > > > > H/
> > > > > XS
> > > > > L1
> > > > > YA
> > > > > fMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR%0Aws72K
> > > > > lA
> > > > > cI
> > > > > wy
> > > > > Ok
> > > > > LF
> > > > > AXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7%0AW3IJR6ad3
> > > > > Et
> > > > > u4
> > > > > w8
> > > > > Ew
> > > > > HU
> > > > > lntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx%0Ar18qJ4ulxrxSL
> > > > > 9S
> > > > > vy
> > > > > qC
> > > > > CA
> > > > > cc
> > > > > wggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0%0ARTdFOTUxNTA1OTgzQ
> > > > > TE
> > > > > 4M
> > > > > TA
> > > > > NB
> > > > > gk
> > > > > qhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu%0AMTYuMjQuMjM4MB4XDTE5M
> > > > > Dk
> > > > > wO
> > > > > TA
> > > > > 3M
> > > > > TI
> > > > > zMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG%0AA1UEAwwNMTcyLjE2LjI0LjIzO
> > > > > DC
> > > > > Bn
> > > > > zA
> > > > > NB
> > > > > gk
> > > > > qhkiG9w0BAQEFAAOBjQAwgYkCgYEA%0AsfeobE3UTqt4Sd9vPnyG%2BugzbW9
> > > > > uG
> > > > > 1n
> > > > > Xl
> > > > > m8
> > > > > Vv
> > > > > 39MACJqfgxU6os8Kh6sElQcjXn5%0AlNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTL
> > > > > N7
> > > > > Uz
> > > > > RH
> > > > > Ip
> > > > > QK
> > > > > r9c6oZIcvUc0mBWpDbv3jcq%0AdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3
> > > > > JZ
> > > > > K6
> > > > > /c
> > > > > kU
> > > > > CA
> > > > > wEAATANBgkqhkiG9w0B%0AAQQFAAOBgQATop2OWQJzY3Axds0%2B9PGPAc0xG
> > > > > tl
> > > > > UQ
> > > > > 46
> > > > > 2t
> > > > > eC
> > > > > wgkm6bbrBr7eYhQeL%0AgsT07aesE%2B37wrtOfmXBucDrdextS6OxW3g5KzC
> > > > > 8G
> > > > > p1
> > > > > yP
> > > > > XH
> > > > > gl
> > > > > t8nUUESy9ooF490%0ATZDBIIQ5yBbMk%2BAYy0IOWQURlNcc8RJ5LmJXnbq4G
> > > > > /e
> > > > > tk
> > > > > LG
> > > > > Gy
> > > > > EL
> > > > > XxDGCAakwggGl%0AAgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgO
> > > > > UE
> > > > > 2Q
> > > > > zM
> > > > > 5M
> > > > > Th
> > > > > DNTREQjk5%0ANEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASB
> > > > > gp
> > > > > gh
> > > > > kg
> > > > > Bh
> > > > > vh
> > > > > FAQkC%0AMQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIh
> > > > > vc
> > > > > NA
> > > > > Qk
> > > > > FM
> > > > > Q8
> > > > > X%0ADTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0k
> > > > > Gb
> > > > > Ub
> > > > > bQ
> > > > > w%
> > > > > 0A
> > > > > IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG%2BEU
> > > > > BC
> > > > > Qc
> > > > > x%
> > > > > 0A
> > > > > Ih
> > > > > MgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQE
> > > > > B%
> > > > > 0A
> > > > > BQ
> > > > > AE
> > > > > gY
> > > > > BThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu%0A
> > > > > Ax
> > > > > /o
> > > > > hg
> > > > > 2C
> > > > > AU
> > > > > 8%2Bg%2Bk914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb%0A
> > > > > zM
> > > > > p1
> > > > > TG
> > > > > Xl
> > > > > Kr
> > > > > yeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg%3D%3D%0A HTTP/1.0
> > > > > 
> > > > > sscep: server returned status code 500
> > > > > sscep: mime_err: HTTP/1.1 500 
> > > > > Content-Type: text/html;charset=utf-8
> > > > > Content-Language: en
> > > > > Content-Length: 3234
> > > > > Date: Mon, 09 Sep 2019 07:12:32 GMT
> > > > > Connection: close
> > > > > 
> > > > > <!doctype html><html lang="en"><head><title>HTTP Status 500 ?
> > > > > Internal
> > > > > Server Error</title><style type="text/css">h1 {font-
> > > > > family:Tahoma,Arial,sans-serif;color:white;background-
> > > > > color:#525D76;font-size:22px;} h2 {font-
> > > > > family:Tahoma,Arial,sans-
> > > > > serif;color:white;background-color:#525D76;font-size:16px;}
> > > > > h3
> > > > > {font-
> > > > > family:Tahoma,Arial,sans-serif;color:white;background-
> > > > > color:#525D76;font-size:14px;} body {font-
> > > > > family:Tahoma,Arial,sans-
> > > > > serif;color:black;background-color:white;} b {font-
> > > > > family:Tahoma,Arial,sans-serif;color:white;background-
> > > > > color:#525D76;} 
> > > > > p
> > > > > {font-family:Tahoma,Arial,sans-
> > > > > serif;background:white;color:black;font-
> > > > > size:12px;} a {color:black;} a.name {color:black;} .line
> > > > > {height:1px;background-
> > > > > color:#525D76;border:none;}</style></head><body><h1>HTTP
> > > > > Status
> > > > > 500
> > > > > ?
> > > > > Internal Server Error</h1><hr class="line" /><p><b>Type</b>
> > > > > Exception
> > > > > Report</p><p><b>Message</b> Couldn&#39;t handle CEP request
> > > > > (PKCSReq)
> > > > > -
> > > > > Could not unwrap PKCS10 blob:
> > > > > java.security.cert.CertificateException:
> > > > > Error instantiating class for challenge_password
> > > > > java.lang.ClassNotFoundException:
> > > > > com.netscape.cms.servlet.cert.scep.ChallengePassword</p><p><b
> > > > > >D
> > > > > es
> > > > > cr
> > > > > ip
> > > > > ti
> > > > > on</b> The server encountered an unexpected condition that
> > > > > prevented
> > > > > it
> > > > > from fulfilling the
> > > > > request.</p><p><b>Exception</b></p><pre>javax.servlet.Servlet
> > > > > Ex
> > > > > ce
> > > > > pt
> > > > > io
> > > > > n:
> > > > > Couldn&#39;t handle CEP request (PKCSReq) - Could not unwrap
> > > > > PKCS10
> > > > > blob: java.security.cert.CertificateException: Error
> > > > > instantiating
> > > > > class for challenge_password
> > > > > java.lang.ClassNotFoundException:
> > > > > com.netscape.cms.servlet.cert.scep.ChallengePassword
> > > > >         com.netscape.cms.servlet.cert.scep.CRSEnrollment.serv
> > > > > ic
> > > > > e(
> > > > > CR
> > > > > SE
> > > > > nr
> > > > > ollment.java:397)
> > > > >         javax.servlet.http.HttpServlet.service(HttpServlet.ja
> > > > > va
> > > > > :7
> > > > > 41
> > > > > )
> > > > >         sun.reflect.GeneratedMethodAccessor48.invoke(Unknown
> > > > > Source)
> > > > >         sun.reflect.DelegatingMethodAccessorImpl.invoke(Deleg
> > > > > at
> > > > > in
> > > > > gM
> > > > > et
> > > > > ho
> > > > > dAccessorImpl.java:43)
> > > > >         java.lang.reflect.Method.invoke(Method.java:498)
> > > > >         org.apache.catalina.security.SecurityUtil$1.run(Secur
> > > > > it
> > > > > yU
> > > > > ti
> > > > > l.
> > > > > ja
> > > > > va:282)
> > > > >         org.apache.catalina.security.SecurityUtil$1.run(Secur
> > > > > it
> > > > > yU
> > > > > ti
> > > > > l.
> > > > > ja
> > > > > va:279)
> > > > >         java.security.AccessController.doPrivileged(Native
> > > > > Method)
> > > > >         javax.security.auth.Subject.doAsPrivileged(Subject.ja
> > > > > va
> > > > > :5
> > > > > 49
> > > > > )
> > > > >         org.apache.catalina.security.SecurityUtil.execute(Sec
> > > > > ur
> > > > > it
> > > > > yU
> > > > > ti
> > > > > l.
> > > > > java:314)
> > > > >         org.apache.catalina.security.SecurityUtil.doAsPrivile
> > > > > ge
> > > > > (S
> > > > > ec
> > > > > ur
> > > > > it
> > > > > yUtil.java:170)
> > > > >         java.security.AccessController.doPrivileged(Native
> > > > > Method)
> > > > >         org.apache.tomcat.websocket.server.WsFilter.doFilter(
> > > > > Ws
> > > > > Fi
> > > > > lt
> > > > > er
> > > > > .j
> > > > > ava:53)
> > > > >         sun.reflect.GeneratedMethodAccessor47.invoke(Unknown
> > > > > Source)
> > > > >         sun.reflect.DelegatingMethodAccessorImpl.invoke(Deleg
> > > > > at
> > > > > in
> > > > > gM
> > > > > et
> > > > > ho
> > > > > dAccessorImpl.java:43)
> > > > >         java.lang.reflect.Method.invoke(Method.java:498)
> > > > >         org.apache.catalina.security.SecurityUtil$1.run(Secur
> > > > > it
> > > > > yU
> > > > > ti
> > > > > l.
> > > > > ja
> > > > > va:282)
> > > > >         org.apache.catalina.security.SecurityUtil$1.run(Secur
> > > > > it
> > > > > yU
> > > > > ti
> > > > > l.
> > > > > ja
> > > > > va:279)
> > > > >         java.security.AccessController.doPrivileged(Native
> > > > > Method)
> > > > >         javax.security.auth.Subject.doAsPrivileged(Subject.ja
> > > > > va
> > > > > :5
> > > > > 49
> > > > > )
> > > > >         org.apache.catalina.security.SecurityUtil.execute(Sec
> > > > > ur
> > > > > it
> > > > > yU
> > > > > ti
> > > > > l.
> > > > > java:314)
> > > > >         org.apache.catalina.security.SecurityUtil.doAsPrivile
> > > > > ge
> > > > > (S
> > > > > ec
> > > > > ur
> > > > > it
> > > > > yUtil.java:253)
> > > > > </pre><p><b>Note</b> The full stack trace of the root cause
> > > > > is
> > > > > available in the server logs.</p><hr class="line"
> > > > > /><h3>Apache
> > > > > Tomcat/9.0.21</h3></body></html>
> > > > > sscep: wrong (or missing) MIME content type
> > > > > sscep: error while sending message
> > > > > 
> > > > > 
> > > > > Why it is trying to unwrap PKCS10 if we are sending PKCS7 ?
> > > > > How it can be fixed ?
> > > > > I am sure you know it.
> > > > > Please help.
> > > > > 
> > > > > 
> > > > > 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/pki-users/attachments/20190916/64936f4f/attachment.sig>

From al at its-lehmann.de  Mon Sep 23 20:00:25 2019
From: al at its-lehmann.de (Arno Lehmann)
Date: Mon, 23 Sep 2019 22:00:25 +0200
Subject: [Pki-users] New Release: PKI 10.7.3 is available for testing
Message-ID: <cdc2e19e-c296-46c8-ac9a-e3d96ba11dbb@its-lehmann.de>

Hi all,

I managed to upgrade my Fedora-based PKI system to Release 31, which is 
not yet ready for production (as I think I found).

Now, after the upgrade, I can enjoy server error 500 messages once the 
web server middleware gets busy:

https://...de:8443/pki/ui/
results in
> HTTP Status 500 ? Internal Server Error
> 
> Type Exception Report
> 
> Message org.apache.jasper.JasperException: Unable to compile class for JSP
> 
> Beschreibung The server encountered an unexpected condition that prevented it from fulfilling the request.
> 
> Exception
> 
> org.apache.jasper.JasperException: org.apache.jasper.JasperException: Unable to compile class for JSP
> 	org.apache.jasper.servlet.JspServletWrapper.handleJspException(JspServletWrapper.java:604)
> 	org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:422)


I can, of course, provide full stacktraces and configuration details.



Configuration is mostly unmodified, but the whole system has been going 
through some upgrades since its first setup.


 From the automatically created debug log, I gather that this:
> 2019-09-23 20:56:41 [https-jsse-nio-8443-exec-9] SEVERE: Servlet.service() for servlet [jsp] in context with path [/pki] threw exception [org.apache.jasper.JasperException: Unable to compile class for JSP] with root cause
> java.security.AccessControlException: access denied ("java.util.PropertyPermission" "tolerateIllegalAmbiguousVarargsInvocation" "read")
> 	at java.security.AccessControlContext.checkPermission(AccessControlContext.java:472)
> 	at java.security.AccessController.checkPermission(AccessController.java:886)
> 	at java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> 	at java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:1294)
 >       ...

is probably the reason for the failure.


Status of the server, at a first glance, looks ok to me:
> [root at ca2 ~]# pki-server --verbose status  CA2
> Command: status CA2
> INFO: Loading instance: CA2
> INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
> INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
> INFO: Loading instance Tomcat config: /etc/pki/CA2/tomcat.conf
> INFO: Loading password config: /etc/pki/CA2/password.conf
> INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/CA2/CA2
> INFO: Loading subsystem: ca
> INFO: Loading subsystem config: /var/lib/pki/CA2/ca/conf/CS.cfg
> INFO: Loading subsystem: ocsp
> INFO: Loading subsystem config: /var/lib/pki/CA2/ocsp/conf/CS.cfg
>   Instance ID: CA2
>   Active: True
>   Unsecure Port: 8080
>   Secure Port: 8443
>   Tomcat Port: 8005
> 
>   CA Subsystem:
>     Type:                Root CA (Security Domain)
>     SD Registration URL: https://ca2.<redacted>.de:8443
>     Enabled:             True
>     Unsecure URL:        http://ca2.<redacted>.de:8080/ca/ee/ca
>     Secure Agent URL:    https://ca2.<redacted>.de:8443/ca/agent/ca
>     Secure EE URL:       https://ca2.<redacted>.de:8443/ca/ee/ca
>     Secure Admin URL:    https://ca2.<redacted>.de:8443/ca/services
>     PKI Console URL:     https://ca2.<redacted>.de:8443/ca
> 
>   OCSP Subsystem:
>     Type:                OCSP
>     SD Registration URL: https://ca2.<redacted>.de:8443
>     Enabled:             True
>     Unsecure URL:        http://ca2.<redacted>.de:8080/ocsp/ee/ocsp/<ocsp request blob>
>     Secure Agent URL:    https://ca2.<redacted>.de:8443/ocsp/agent/ocsp
>     Secure EE URL:       https://ca2.<redacted>.de:8443/ocsp/ee/ocsp/<ocsp request blob>
>     Secure Admin URL:    https://ca2.<redacted>.de:8443/ocsp/services
>     PKI Console URL:     https://ca2.<redacted>.de:8443/ocsp


There's no other PKI instance in place, and I'm not sufficiently skilled 
with dogtag to actually do much with the configuration anyway, so I kept 
my fingers off if as far as I could :-)


Is this a known problem, is there a reasonably simple fix, or is it time 
to load my latest backup?


Thanks,

Arno



-- 
Arno Lehmann

IT-Service Lehmann
Sandstr. 6, 49080 Osnabr?ck



From dmoluguw at redhat.com  Wed Sep 25 18:23:46 2019
From: dmoluguw at redhat.com (Dinesh Prasanth Moluguwan Krishnamoorthy)
Date: Wed, 25 Sep 2019 14:23:46 -0400
Subject: [Pki-users] New Release: PKI 10.7.3 is available for testing
In-Reply-To: <cdc2e19e-c296-46c8-ac9a-e3d96ba11dbb@its-lehmann.de>
References: <cdc2e19e-c296-46c8-ac9a-e3d96ba11dbb@its-lehmann.de>
Message-ID: <a6a20855ae12c56d07ed31100d76f8ee62332b26.camel@redhat.com>

Hello Arno,

As you might be aware, Fedora 31 hasn't reached its GA [1] yet. Fedora
31 is currently in beta and might carry some bugs. We do not support
PKI on unreleased Fedora versions.

Looking at your logs, I see an "access denied" error. This is mostly
due to bug in a different package which might be fixed before the
actual GA.

[1] https://fedoraproject.org/wiki/Releases/31/Schedule

Regards,
--Dinesh

On Mon, 2019-09-23 at 22:00 +0200, Arno Lehmann wrote:
> Hi all,
> 
> I managed to upgrade my Fedora-based PKI system to Release 31, which
> is 
> not yet ready for production (as I think I found).
> 
> Now, after the upgrade, I can enjoy server error 500 messages once
> the 
> web server middleware gets busy:
> 
> https://...de:8443/pki/ui/
> results in
> > HTTP Status 500 ? Internal Server Error
> > 
> > Type Exception Report
> > 
> > Message org.apache.jasper.JasperException: Unable to compile class
> > for JSP
> > 
> > Beschreibung The server encountered an unexpected condition that
> > prevented it from fulfilling the request.
> > 
> > Exception
> > 
> > org.apache.jasper.JasperException:
> > org.apache.jasper.JasperException: Unable to compile class for JSP
> > 	org.apache.jasper.servlet.JspServletWrapper.handleJspException(
> > JspServletWrapper.java:604)
> > 	org.apache.jasper.servlet.JspServletWrapper.service(JspServletW
> > rapper.java:422)
> 
> I can, of course, provide full stacktraces and configuration details.
> 
> 
> 
> Configuration is mostly unmodified, but the whole system has been
> going 
> through some upgrades since its first setup.
> 
> 
>  From the automatically created debug log, I gather that this:
> > 2019-09-23 20:56:41 [https-jsse-nio-8443-exec-9] SEVERE:
> > Servlet.service() for servlet [jsp] in context with path [/pki]
> > threw exception [org.apache.jasper.JasperException: Unable to
> > compile class for JSP] with root cause
> > java.security.AccessControlException: access denied
> > ("java.util.PropertyPermission"
> > "tolerateIllegalAmbiguousVarargsInvocation" "read")
> > 	at
> > java.security.AccessControlContext.checkPermission(AccessControlCon
> > text.java:472)
> > 	at
> > java.security.AccessController.checkPermission(AccessController.jav
> > a:886)
> > 	at
> > java.lang.SecurityManager.checkPermission(SecurityManager.java:549)
> > 	at
> > java.lang.SecurityManager.checkPropertyAccess(SecurityManager.java:
> > 1294)
>  >       ...
> 
> is probably the reason for the failure.
> 
> 
> Status of the server, at a first glance, looks ok to me:
> > [root at ca2 ~]# pki-server --verbose status  CA2
> > Command: status CA2
> > INFO: Loading instance: CA2
> > INFO: Loading global Tomcat config: /etc/tomcat/tomcat.conf
> > INFO: Loading PKI Tomcat config: /usr/share/pki/etc/tomcat.conf
> > INFO: Loading instance Tomcat config: /etc/pki/CA2/tomcat.conf
> > INFO: Loading password config: /etc/pki/CA2/password.conf
> > INFO: Loading instance registry: /etc/sysconfig/pki/tomcat/CA2/CA2
> > INFO: Loading subsystem: ca
> > INFO: Loading subsystem config: /var/lib/pki/CA2/ca/conf/CS.cfg
> > INFO: Loading subsystem: ocsp
> > INFO: Loading subsystem config: /var/lib/pki/CA2/ocsp/conf/CS.cfg
> >   Instance ID: CA2
> >   Active: True
> >   Unsecure Port: 8080
> >   Secure Port: 8443
> >   Tomcat Port: 8005
> > 
> >   CA Subsystem:
> >     Type:                Root CA (Security Domain)
> >     SD Registration URL: https://ca2.<redacted>.de:8443
> >     Enabled:             True
> >     Unsecure URL:        http://ca2.<redacted>.de:8080/ca/ee/ca
> >     Secure Agent URL:    https://ca2.<redacted>.de:8443/ca/agent/ca
> >     Secure EE URL:       https://ca2.<redacted>.de:8443/ca/ee/ca
> >     Secure Admin URL:    https://ca2.<redacted>.de:8443/ca/services
> >     PKI Console URL:     https://ca2.<redacted>.de:8443/ca
> > 
> >   OCSP Subsystem:
> >     Type:                OCSP
> >     SD Registration URL: https://ca2.<redacted>.de:8443
> >     Enabled:             True
> >     Unsecure URL:        
> > http://ca2.<redacted>.de:8080/ocsp/ee/ocsp/<ocsp request blob>
> >     Secure Agent URL:    
> > https://ca2.<redacted>.de:8443/ocsp/agent/ocsp
> >     Secure EE URL:       
> > https://ca2.<redacted>.de:8443/ocsp/ee/ocsp/<ocsp request blob>
> >     Secure Admin URL:    
> > https://ca2.<redacted>.de:8443/ocsp/services
> >     PKI Console URL:     https://ca2.<redacted>.de:8443/ocsp
> 
> There's no other PKI instance in place, and I'm not sufficiently
> skilled 
> with dogtag to actually do much with the configuration anyway, so I
> kept 
> my fingers off if as far as I could :-)
> 
> 
> Is this a known problem, is there a reasonably simple fix, or is it
> time 
> to load my latest backup?
> 
> 
> Thanks,
> 
> Arno
> 
> 
> 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: This is a digitally signed message part
URL: <http://listman.redhat.com/archives/pki-users/attachments/20190925/cf2a9c30/attachment.sig>

From al at its-lehmann.de  Wed Sep 25 20:34:51 2019
From: al at its-lehmann.de (Arno Lehmann)
Date: Wed, 25 Sep 2019 22:34:51 +0200
Subject: [Pki-users] New Release: PKI 10.7.3 is available for testing
In-Reply-To: <a6a20855ae12c56d07ed31100d76f8ee62332b26.camel@redhat.com>
References: <cdc2e19e-c296-46c8-ac9a-e3d96ba11dbb@its-lehmann.de>
	<a6a20855ae12c56d07ed31100d76f8ee62332b26.camel@redhat.com>
Message-ID: <a6c3727d-9db2-f5e7-c7ca-8d259a0fb533@its-lehmann.de>

Hi Dinesh,



On 25.09.19 at 20:23, Dinesh Prasanth Moluguwan Krishnamoorthy wrote:
> Hello Arno,
> 
> As you might be aware, Fedora 31 hasn't reached its GA [1] yet.


Indeed, and that's why I feel kind of stupid, managing to upgrade to a 
beta distro without even noticing...

...
> Looking at your logs, I see an "access denied" error. This is mostly
> due to bug in a different package which might be fixed before the
> actual GA.

Hmm, so no clue on your side, for now. Thanks.

I'll try my backups, I guess :-)

Thanks for the information / confirmation, and also thanks for working 
on something that I use nearly -- well, monthly, but still.

Cheers,

Arno

-- 
Arno Lehmann

IT-Service Lehmann
Sandstr. 6, 49080 Osnabr?ck