[Pki-users] sscep enroll error
Pavel Ryabikh
pr at postmet.com
Mon Sep 16 06:11:54 UTC 2019
Dear, Krishnamoorthy,
We are using Fedora 30 (Fedora 29 was a mistake, sorry):
$ cat /etc/os-release
NAME=Fedora
VERSION="30 (Server Edition)"
ID=fedora
VERSION_ID=30
VERSION_CODENAME=""
PLATFORM_ID="platform:f30"
PRETTY_NAME="Fedora 30 (Server Edition)"
ANSI_COLOR="0;34"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:30"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="
https://docs.fedoraproject.org/en-US/fedora/f30/system-administrators-guide/
"
SUPPORT_URL="
https://fedoraproject.org/wiki/Communicating_and_getting_help"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=30
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=30
PRIVACY_POLICY_URL="https://fedoraproject.org/wiki/Legal:PrivacyPolicy"
VARIANT="Server Edition"
VARIANT_ID=server
and "pki-server-10.8.0-0.1.fc30.noarch"
What can be a reason of SCEP bug?
Can it be fixed?
How could we use SCEP in this conditions?
Can you at least point a direction to fix it? or it is hopeless to make
SCEP work?
On Fri, 2019-09-13 at 15:14 -0400, Dinesh Prasanth Moluguwan
Krishnamoorthy wrote:
> On Wed, 2019-09-11 at 09:20 +0300, Pavel Ryabikh wrote:
> > This is the result of "rpm -qa | grep pki":
> >
> > pki-tools-10.8.0-0.1.fc30.x86_64
> > pki-javadoc-10.8.0-0.1.fc30.noarch
> > python3-pki-10.8.0-0.1.fc30.noarch
> > pki-ca-10.8.0-0.1.fc30.noarch
> > dogtag-pki-console-theme-10.8.0-0.1.fc30.noarch
> > pki-server-10.8.0-0.1.fc30.noarch
> > pki-tks-10.8.0-0.1.fc30.noarch
> > dogtag-pki-10.8.0-0.1.fc30.x86_64
> > pki-base-java-10.8.0-0.1.fc30.noarch
> > pki-symkey-10.8.0-0.1.fc30.x86_64
> > pki-ocsp-10.8.0-0.1.fc30.noarch
> > dogtag-pki-server-theme-10.8.0-0.1.fc30.noarch
> > pki-base-10.8.0-0.1.fc30.noarch
> > pki-kra-10.8.0-0.1.fc30.noarch
> > pki-console-10.8.0-0.1.fc30.noarch
> > pki-tps-10.8.0-0.1.fc30.x86_64
> >
> > Does it help to fix the problem ?
> Pavel,
>
> No, it does not. But, helps to identify the issue.
>
> As per your original email, you are using Fedora 29 system. But, the
> packages installed seem to be built on **Fedora 30**. We don't
> support
> installing Fedora 30 packages on Fedora 29.
>
> Also, I see that you are using PKI 10.8.0 version. We haven't
> officially released it on Fedora. The latest official release is pki-
> core-10.7.3-3
>
> Regards,
> --Dinesh
>
> >
> > On Tue, 2019-09-10 at 12:16 -0400, Dinesh Prasanth Moluguwan
> > Krishnamoorthy wrote:
> > > Hi Pavel,
> > >
> > > There was a recent merger of pki-cmscore.jar into pki-cms.jar
> > > [1].
> > > As
> > > a
> > > consequence,
> > > `com.netscape.cms.servlet.cert.scep.ChallengePassword`
> > > was
> > > also affected. I suspect there is some mismatch in the installed
> > > version of the packages.
> > >
> > > Can you post the result of:
> > >
> > > `rpm -qa | grep pki` ?
> > >
> > > [1]
> > > https://github.com/dogtagpki/pki/commits/master/base/server/src/com/netscape/cms/servlet/cert/scep/ChallengePassword.java
> > >
> > > Regards,
> > > --Dinesh
> > >
> > > On Mon, 2019-09-09 at 10:32 +0300, Pavel Ryabikh wrote:
> > > > Hello dear PKI-users!
> > > >
> > > > Our pki system version is:
> > > > Fedora 29.
> > > > pki-server-10.8.0-0.1.fc30.noarch
> > > >
> > > > We are configured SCEP following:
> > > > https://www.dogtagpki.org/wiki/SCEP_Setup
> > > >
> > > > CS.cfg:
> > > > ...
> > > > ca.scep.allowedEncryptionAlgorithms=DES,DES3
> > > > ca.scep.allowedHashAlgorithms=MD5,SHA1,SHA256,SHA512
> > > > ca.scep.enable=true
> > > > ca.scep.encryptionAlgorithm=DES
> > > > ca.scep.hashAlgorithm=MD5
> > > > ca.scep.nonceSizeLimit=16
> > > > ...
> > > >
> > > > we also
> > > > - installed SSCEP client
> > > > - generated CA certificate
> > > > $ sscep getca -u http://$HOSTNAME:8080/ca/cgi-bin/pkiclient.exe
> > > > -c
> > > > ca.crt
> > > > it is checked by
> > > > $ openssl x509 -in ca.crt -text
> > > > and it is correct
> > > > - generated CSR request and a key
> > > > $ /usr/bin/mkrequest -ip 172.16.24.238 Uojs93wkfd0IS
> > > >
> > > > and when trying to test enroll we are getting the followng
> > > > error:
> > > > (Could not unwrap PKCS10 blob:
> > > > java.security.cert.CertificateException:
> > > > Error instantiating class for challenge_password
> > > > java.lang.ClassNotFoundException):
> > > >
> > > > # sscep enroll -u http://$HOSTNAME:8080/ca/cgi-
> > > > bin/pkiclient.exe
> > > > -c
> > > > ca.crt -k local.key -r local.csr -l cert.crt -d
> > > >
> > > > sscep: starting sscep, version 0.6.1
> > > > sscep: new transaction
> > > > sscep: transaction id: D41D8CD98F00B204E9800998ECF8427E
> > > > sscep: hostname: ca.lvm.postmet.com
> > > > sscep: directory: ca/cgi-bin/pkiclient.exe
> > > > sscep: port: 8080
> > > > sscep: Read request with transaction id:
> > > > 9A6C3918C54DB994E7E951505983A181
> > > > sscep: generating selfsigned certificate
> > > > sscep: SCEP_OPERATION_ENROLL
> > > > sscep: sending certificate request
> > > > sscep: creating inner PKCS#7
> > > > sscep: inner PKCS#7 in mem BIO
> > > > sscep: request data dump
> > > > -----BEGIN CERTIFICATE REQUEST-----
> > > > MIIBmz..........GDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhki
> > > > G
> > > > 9w0BAQEFAAOBjQAwgYkCgYEAsfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39
> > > > M
> > > > ACJqfgxU6os8Kh6sElQcjXn5lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIp
> > > > Q
> > > > Kr9c6oZIcvUc0mBWpDbv3jcqdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6
> > > > /
> > > > ckUCAwEAAaBDMBwGCSqGSIb3DQEJBzEPDA1Vb2pzOTN3a2ZkMElTMCMGCSqGSIb
> > > > 3
> > > > DQEJDjEWMBQwEgYDVR0RAQH/BAgwBocErBAY7jANBgkqhkiG9w0BAQsFAAOBgQA
> > > > 5
> > > > URuLsrH0bKtBqrNiaPT1nMQ+fRAJ6Ckjfj/pQsyXO0Nll7blBdbErOtSzDR5yV9
> > > > 1
> > > > g6/oin5LPn/RwT1hATfjCniF4UVfotLnFjKQe7icsS82gl2FNT+pG1CjTAqxJqZ
> > > > O
> > > > oBe+ZWzs4cx7wHerjk5u8baz79XFfkQyCdL6QRVlTA==
> > > > -----END CERTIFICATE REQUEST-----
> > > > sscep: data payload size: 415 bytes
> > > >
> > > > sscep: hexdump request payload
> > > > 3082019b3082010402010030183116301406035504030c0d3137322e31362e3
> > > > 23
> > > > 42
> > > > e3
> > > > 23
> > > > 33830819f300d06092a864886f70d010101050003818d0030818902818100b1
> > > > f7
> > > > a8
> > > > 6c
> > > > 4d
> > > > d44eab7849df6f3e7c86fae8336d6f6e1b59d7966f15bf7f4c00226a7e0c54e
> > > > a8
> > > > b3
> > > > c2
> > > > a1
> > > > eac12541c8d79f994d8b2f0bed5017fceab2a7648471be2a02820c0813132cd
> > > > ed
> > > > 4c
> > > > d1
> > > > 1c
> > > > 8a502abf5cea864872f51cd26056a436efde372a7537c5d4ca08b36feac8054
> > > > f8
> > > > 36
> > > > 7f
> > > > 9b
> > > > 19e36575c3c20367a4ccdc964aebf72450203010001a043301c06092a864886
> > > > f7
> > > > 0d
> > > > 01
> > > > 09
> > > > 07310f0c0d556f6a733933776b6664304953302306092a864886f70d01090e3
> > > > 11
> > > > 63
> > > > 01
> > > > 43
> > > > 0120603551d110101ff040830068704ac1018ee300d06092a864886f70d0101
> > > > 0b
> > > > 05
> > > > 00
> > > > 03
> > > > 81810039511b8bb2b1f46cab41aab36268f4f59cc43e7d1009e829237e3fe94
> > > > 2c
> > > > c9
> > > > 73
> > > > b4
> > > > 36597b6e505d6c4aceb52cc3479c95f7583afe88a7e4b3e7fd1c13d610137e3
> > > > 0a
> > > > 78
> > > > 85
> > > > e1
> > > > 455fa2d2e71632907bb89cb12f36825d85353fa91b50a34c0ab126a64ea017b
> > > > e6
> > > > 56
> > > > ce
> > > > ce
> > > > 1cc7bc077ab8e4e6ef1b6b3efd5c57e443209d2fa4115654c
> > > > sscep: hexdump payload 415
> > > > sscep: successfully encrypted payload
> > > > sscep: envelope size: 956 bytes
> > > > sscep: printing PEM fomatted PKCS#7
> > > > -----BEGIN PKCS7-----
> > > > MIIDu..........NAQcDoIIDqTCCA6UCAQAxggHYMIIB1AIBADCBuzCBpTELMAk
> > > > G
> > > > A1UEBhMCU0MxGTAXBgNVBAgTEE1haGUsIFNleWNoZWxsZXMxHDAaBgNVBAoTE1B
> > > > v
> > > > c3RNZXQgQ29ycG9yYXRpb24xGTAXBgNVBAsTEFNTTCBrZXkgZGl2aXNpb24xIDA
> > > > e
> > > > BgNVBAMTF1Bvc3RNZXQgUm9vdCBDQSBDbGFzcyAxMSAwHgYJKoZIhvcNAQkBFhF
> > > > h
> > > > ZG1pbkBwb3N0bWV0LmNvbQIRE0hlg2RXY0h1Y0doMWQ1h8EwDQYJKoZIhvcNAQE
> > > > B
> > > > BQAEggEAgHq5KowCLbOAX/E3YRrheGwmQqHHHCf2mPHEAx835nifRSd1pPbU958
> > > > 7
> > > > 8zOFihn+BY76caLss0eJyjTmh68mksh9Qzgc8sewyPWWgq2ilnE3eZtiiGpjf6G
> > > > j
> > > > e7AN38gY4y6MU0NU04r/E16tcPAuP+/7mmrr+Lh4PYxSn/LkXFy9GOdnGaTmaph
> > > > v
> > > > L0qwxb1pS4OO765cumy5IFyJHAn3O5EyNJYuxNPuoXu8azxACKb19SVnEuay0Z2
> > > > W
> > > > L0/WCYMNpN6kdX/1KceTlg6Gu8oxqVwBvHUewLvn91Lyy8d+EgPMJOPTXRnZSC4
> > > > 9
> > > > U4AUes2yA9Idbt4ZLNNIktdsK6MhgjCCAcIGCSqGSIb3DQEHATARBgUrDgMCBwQ
> > > > I
> > > > +d5X8SPX45KAggGg1CRRmVhAwHcj2zE7uScsfMUzyDiuw3c7fdy3W653pYswYVe
> > > > l
> > > > CpqQbK6chMv6ya1OCi3G1dMY3+M1sa21nc30tpAeF1MonFD9YSTuvTJVYHo5gAo
> > > > b
> > > > mjnhNsYL+7H0VGWiRzmDNG+HzgUzQbrdk5vFd/4Wbc5UMTy++7PdXO8e+e300FT
> > > > l
> > > > iM96uijNS6QoZruM8vp2eNn1IymLwFv8xfwibJnzAz0SYXpbRJK9I+39g5rGA1/
> > > > s
> > > > uTRAa7W2Bc4lp71ROdsHBH3aJDYkzcrffd9nGy+b5icnRZa2S6TJTOEQkWpQos5
> > > > k
> > > > YQMi8+/3Chb8IBeH8HQ6/23PjjqIFVAHxj+pPlpiN4psx/10i9WAHzMBfUnodpP
> > > > E
> > > > +yqKLTFmo037A/LNEH4NorN9E/yPDsHVp3gwjMG60cLO9ipQHCMMjpCxQF4jwaT
> > > > C
> > > > 5W0fZd8uVZyayBXR0qLKBAhhtz6Y6k3zcXUBNjqKO1tyCUemndxLbuMPBMB1JZ7
> > > > c
> > > > Km7TipKk+LCMNBwVbLFIPCGQUchzGnJD+fzaQKLTca9fKieLpca8Ui/Ur8o=
> > > > -----END PKCS7-----
> > > > sscep: creating outer PKCS#7
> > > > sscep: signature added successfully
> > > > sscep: adding signed attributes
> > > > sscep: adding string attribute transId
> > > > sscep: adding string attribute messageType
> > > > sscep: adding octet attribute senderNonce
> > > > sscep: PKCS#7 data written successfully
> > > > sscep: printing PEM fomatted PKCS#7
> > > > -----BEGIN PKCS7-----
> > > > MIIHc..........NAQcCoIIHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwY
> > > > J
> > > > KoZIhvcNAQcBoIIDwASCA7wwggO4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdg
> > > > w
> > > > ggHUAgEAMIG7MIGlMQswCQYDVQQGEwJTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2h
> > > > l
> > > > bGxlczEcMBoGA1UEChMTUG9zdE1ldCBDb3Jwb3JhdGlvbjEZMBcGA1UECxMQU1N
> > > > M
> > > > IGtleSBkaXZpc2lvbjEgMB4GA1UEAxMXUG9zdE1ldCBSb290IENBIENsYXNzIDE
> > > > x
> > > > IDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3RtZXQuY29tAhETSGWDZFdjSHVjR2g
> > > > x
> > > > ZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjAIts4Bf8TdhGuF4bCZCocccJ/a
> > > > Y
> > > > 8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4nKNOaHryaSyH1DOBzyx7D
> > > > I
> > > > 9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq1w8C4/7/uaauv4uHg
> > > > 9
> > > > jFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCfc7kTI0li7E0+6
> > > > h
> > > > e7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGpXAG8dR7Au+f
> > > > 3
> > > > UvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMIIBwgYJKoZ
> > > > I
> > > > hvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jyx8xTP
> > > > I
> > > > OK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB4
> > > > X
> > > > UyicUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZ
> > > > t
> > > > zlQxPL77s91c7x757fTQVOWIz3q6KM1LpChmu4zy+nZ42fUjKYvAW/zF/CJsmfM
> > > > D
> > > > PRJheltEkr0j7f2DmsYDX+y5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5v
> > > > m
> > > > JydFlrZLpMlM4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc+OOogVUAfGP6k+WmI
> > > > 3
> > > > imzH/XSL1YAfMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbr
> > > > R
> > > > ws72KlAcIwyOkLFAXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo
> > > > 7
> > > > W3IJR6ad3Etu4w8EwHUlntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotN
> > > > x
> > > > r18qJ4ulxrxSL9SvyqCCAccwggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk
> > > > 0
> > > > RTdFOTUxNTA1OTgzQTE4MTANBgkqhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzI
> > > > u
> > > > MTYuMjQuMjM4MB4XDTE5MDkwOTA3MTIzMloXDTE5MDkxNTA5MTIzMlowGDEWMBQ
> > > > G
> > > > A1UEAwwNMTcyLjE2LjI0LjIzODCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYE
> > > > A
> > > > sfeobE3UTqt4Sd9vPnyG+ugzbW9uG1nXlm8Vv39MACJqfgxU6os8Kh6sElQcjXn
> > > > 5
> > > > lNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7UzRHIpQKr9c6oZIcvUc0mBWpDbv3jc
> > > > q
> > > > dTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZK6/ckUCAwEAATANBgkqhkiG9w0
> > > > B
> > > > AQQFAAOBgQATop2OWQJzY3Axds0+9PGPAc0xGtlUQ462teCwgkm6bbrBr7eYhQe
> > > > L
> > > > gsT07aesE+37wrtOfmXBucDrdextS6OxW3g5KzC8Gp1yPXHglt8nUUESy9ooF49
> > > > 0
> > > > TZDBIIQ5yBbMk+AYy0IOWQURlNcc8RJ5LmJXnbq4G/etkLGGyELXxDGCAakwggG
> > > > l
> > > > AgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE2QzM5MThDNTREQjk
> > > > 5
> > > > NEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgpghkgBhvhFAQk
> > > > C
> > > > MQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvcNAQkFMQ8
> > > > X
> > > > DTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGbUbbQ
> > > > w
> > > > IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG+EUBCQc
> > > > x
> > > > IhMgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQE
> > > > B
> > > > BQAEgYBThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyu
> > > > u
> > > > Ax/ohg2CAU8+g+k914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpD
> > > > b
> > > > zMp1TGXlKryeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg==
> > > > -----END PKCS7-----
> > > > sscep: applying base64 encoding
> > > > sscep: base64 encoded payload size: 2588 bytes
> > > > sscep: scep msg: GET /ca/cgi-
> > > > bin/pkiclient.exe?operation=PKIOperation&message=MIIHc.........
> > > > .N
> > > > AQ
> > > > cC
> > > > oI
> > > > IHYjCCB14CAQExDjAMBggqhkiG9w0CBQUAMIIDzwYJ%0AKoZIhvcNAQcBoIIDwA
> > > > SC
> > > > A7
> > > > ww
> > > > gg
> > > > O4BgkqhkiG9w0BBwOgggOpMIIDpQIBADGCAdgw%0AggHUAgEAMIG7MIGlMQswCQ
> > > > YD
> > > > VQ
> > > > QG
> > > > Ew
> > > > JTQzEZMBcGA1UECBMQTWFoZSwgU2V5Y2hl%0AbGxlczEcMBoGA1UEChMTUG9zdE
> > > > 1l
> > > > dC
> > > > BD
> > > > b3
> > > > Jwb3JhdGlvbjEZMBcGA1UECxMQU1NM%0AIGtleSBkaXZpc2lvbjEgMB4GA1UEAx
> > > > MX
> > > > UG
> > > > 9z
> > > > dE
> > > > 1ldCBSb290IENBIENsYXNzIDEx%0AIDAeBgkqhkiG9w0BCQEWEWFkbWluQHBvc3
> > > > Rt
> > > > ZX
> > > > Qu
> > > > Y2
> > > > 9tAhETSGWDZFdjSHVjR2gx%0AZDWHwTANBgkqhkiG9w0BAQEFAASCAQCAerkqjA
> > > > It
> > > > s4
> > > > Bf
> > > > 8T
> > > > dhGuF4bCZCocccJ/aY%0A8cQDHzfmeJ9FJ3Wk9tT3nzvzM4WKGf4FjvpxouyzR4
> > > > nK
> > > > NO
> > > > aH
> > > > ry
> > > > aSyH1DOBzyx7DI%0A9ZaCraKWcTd5m2KIamN/oaN7sA3fyBjjLoxTQ1TTiv8TXq
> > > > 1w
> > > > 8C
> > > > 4/
> > > > 7/
> > > > uaauv4uHg9%0AjFKf8uRcXL0Y52cZpOZqmG8vSrDFvWlLg47vrly6bLkgXIkcCf
> > > > c7
> > > > kT
> > > > I0
> > > > li
> > > > 7E0%2B6h%0Ae7xrPEAIpvX1JWcS5rLRnZYvT9YJgw2k3qR1f/Upx5OWDoa7yjGp
> > > > XA
> > > > G8
> > > > dR
> > > > 7A
> > > > u%2Bf3%0AUvLLx34SA8wk49NdGdlILj1TgBR6zbID0h1u3hks00iS12wroyGCMI
> > > > IB
> > > > wg
> > > > YJ
> > > > Ko
> > > > ZI%0AhvcNAQcBMBEGBSsOAwIHBAj53lfxI9fjkoCCAaDUJFGZWEDAdyPbMTu5Jy
> > > > x8
> > > > xT
> > > > PI
> > > > %0
> > > > AOK7Ddzt93LdbrnelizBhV6UKmpBsrpyEy/rJrU4KLcbV0xjf4zWxrbWdzfS2kB
> > > > 4X
> > > > %0
> > > > AU
> > > > yi
> > > > cUP1hJO69MlVgejmAChuaOeE2xgv7sfRUZaJHOYM0b4fOBTNBut2Tm8V3/hZt%0
> > > > Az
> > > > lQ
> > > > xP
> > > > L7
> > > > 7s91c7x757fTQVOWIz3q6KM1LpChmu4zy%2BnZ42fUjKYvAW/zF/CJsmfMD%0AP
> > > > RJ
> > > > he
> > > > lt
> > > > Ek
> > > > r0j7f2DmsYDX%2By5NEBrtbYFziWnvVE52wcEfdokNiTNyt9932cbL5vm%0AJyd
> > > > Fl
> > > > rZ
> > > > Lp
> > > > Ml
> > > > M4RCRalCizmRhAyLz7/cKFvwgF4fwdDr/bc%2BOOogVUAfGP6k%2BWmI3%0Aimz
> > > > H/
> > > > XS
> > > > L1
> > > > YA
> > > > fMwF9Seh2k8T7KootMWajTfsD8s0Qfg2is30T/I8OwdWneDCMwbrR%0Aws72KlA
> > > > cI
> > > > wy
> > > > Ok
> > > > LF
> > > > AXiPBpMLlbR9l3y5VnJrIFdHSosoECGG3PpjqTfNxdQE2Ooo7%0AW3IJR6ad3Et
> > > > u4
> > > > w8
> > > > Ew
> > > > HU
> > > > lntwqbtOKkqT4sIw0HBVssUg8IZBRyHMackP5/NpAotNx%0Ar18qJ4ulxrxSL9S
> > > > vy
> > > > qC
> > > > CA
> > > > cc
> > > > wggHDMIIBLKADAgECAiA5QTZDMzkxOEM1NERCOTk0%0ARTdFOTUxNTA1OTgzQTE
> > > > 4M
> > > > TA
> > > > NB
> > > > gk
> > > > qhkiG9w0BAQQFADAYMRYwFAYDVQQDDA0xNzIu%0AMTYuMjQuMjM4MB4XDTE5MDk
> > > > wO
> > > > TA
> > > > 3M
> > > > TI
> > > > zMloXDTE5MDkxNTA5MTIzMlowGDEWMBQG%0AA1UEAwwNMTcyLjE2LjI0LjIzODC
> > > > Bn
> > > > zA
> > > > NB
> > > > gk
> > > > qhkiG9w0BAQEFAAOBjQAwgYkCgYEA%0AsfeobE3UTqt4Sd9vPnyG%2BugzbW9uG
> > > > 1n
> > > > Xl
> > > > m8
> > > > Vv
> > > > 39MACJqfgxU6os8Kh6sElQcjXn5%0AlNiy8L7VAX/Oqyp2SEcb4qAoIMCBMTLN7
> > > > Uz
> > > > RH
> > > > Ip
> > > > QK
> > > > r9c6oZIcvUc0mBWpDbv3jcq%0AdTfF1MoIs2/qyAVPg2f5sZ42V1w8IDZ6TM3JZ
> > > > K6
> > > > /c
> > > > kU
> > > > CA
> > > > wEAATANBgkqhkiG9w0B%0AAQQFAAOBgQATop2OWQJzY3Axds0%2B9PGPAc0xGtl
> > > > UQ
> > > > 46
> > > > 2t
> > > > eC
> > > > wgkm6bbrBr7eYhQeL%0AgsT07aesE%2B37wrtOfmXBucDrdextS6OxW3g5KzC8G
> > > > p1
> > > > yP
> > > > XH
> > > > gl
> > > > t8nUUESy9ooF490%0ATZDBIIQ5yBbMk%2BAYy0IOWQURlNcc8RJ5LmJXnbq4G/e
> > > > tk
> > > > LG
> > > > Gy
> > > > EL
> > > > XxDGCAakwggGl%0AAgEBMDwwGDEWMBQGA1UEAwwNMTcyLjE2LjI0LjIzOAIgOUE
> > > > 2Q
> > > > zM
> > > > 5M
> > > > Th
> > > > DNTREQjk5%0ANEU3RTk1MTUwNTk4M0ExODEwDAYIKoZIhvcNAgUFAKCBwTASBgp
> > > > gh
> > > > kg
> > > > Bh
> > > > vh
> > > > FAQkC%0AMQQTAjE5MBgGCSqGSIb3DQEJAzELBgkqhkiG9w0BBwEwHAYJKoZIhvc
> > > > NA
> > > > Qk
> > > > FM
> > > > Q8
> > > > X%0ADTE5MDkwOTA3MTIzMlowHwYJKoZIhvcNAQkEMRIEEMhY6izfmIjbrJo0kGb
> > > > Ub
> > > > bQ
> > > > w%
> > > > 0A
> > > > IAYKYIZIAYb4RQEJBTESBBDpm5bmNyqQpJbJXX9leZwfMDAGCmCGSAGG%2BEUBC
> > > > Qc
> > > > x%
> > > > 0A
> > > > Ih
> > > > MgOUE2QzM5MThDNTREQjk5NEU3RTk1MTUwNTk4M0ExODEwDQYJKoZIhvcNAQEB%
> > > > 0A
> > > > BQ
> > > > AE
> > > > gY
> > > > BThSGDFq9BdXNiOmDxxgw03eEEpxHKTn5jwdHnHxR5nLq2IKmVicyAdyuu%0AAx
> > > > /o
> > > > hg
> > > > 2C
> > > > AU
> > > > 8%2Bg%2Bk914OzYWMh611mmKu5UyliRmq5LofTgXxzF3duW6aeRkMWxpDb%0AzM
> > > > p1
> > > > TG
> > > > Xl
> > > > Kr
> > > > yeo1uPpZ5xZ0GGPqbkhsFlgCc2mhn35B7M2bD4jg%3D%3D%0A HTTP/1.0
> > > >
> > > > sscep: server returned status code 500
> > > > sscep: mime_err: HTTP/1.1 500
> > > > Content-Type: text/html;charset=utf-8
> > > > Content-Language: en
> > > > Content-Length: 3234
> > > > Date: Mon, 09 Sep 2019 07:12:32 GMT
> > > > Connection: close
> > > >
> > > > <!doctype html><html lang="en"><head><title>HTTP Status 500 –
> > > > Internal
> > > > Server Error</title><style type="text/css">h1 {font-
> > > > family:Tahoma,Arial,sans-serif;color:white;background-
> > > > color:#525D76;font-size:22px;} h2 {font-
> > > > family:Tahoma,Arial,sans-
> > > > serif;color:white;background-color:#525D76;font-size:16px;} h3
> > > > {font-
> > > > family:Tahoma,Arial,sans-serif;color:white;background-
> > > > color:#525D76;font-size:14px;} body {font-
> > > > family:Tahoma,Arial,sans-
> > > > serif;color:black;background-color:white;} b {font-
> > > > family:Tahoma,Arial,sans-serif;color:white;background-
> > > > color:#525D76;}
> > > > p
> > > > {font-family:Tahoma,Arial,sans-
> > > > serif;background:white;color:black;font-
> > > > size:12px;} a {color:black;} a.name {color:black;} .line
> > > > {height:1px;background-
> > > > color:#525D76;border:none;}</style></head><body><h1>HTTP Status
> > > > 500
> > > > –
> > > > Internal Server Error</h1><hr class="line" /><p><b>Type</b>
> > > > Exception
> > > > Report</p><p><b>Message</b> Couldn't handle CEP request
> > > > (PKCSReq)
> > > > -
> > > > Could not unwrap PKCS10 blob:
> > > > java.security.cert.CertificateException:
> > > > Error instantiating class for challenge_password
> > > > java.lang.ClassNotFoundException:
> > > > com.netscape.cms.servlet.cert.scep.ChallengePassword</p><p><b>D
> > > > es
> > > > cr
> > > > ip
> > > > ti
> > > > on</b> The server encountered an unexpected condition that
> > > > prevented
> > > > it
> > > > from fulfilling the
> > > > request.</p><p><b>Exception</b></p><pre>javax.servlet.ServletEx
> > > > ce
> > > > pt
> > > > io
> > > > n:
> > > > Couldn't handle CEP request (PKCSReq) - Could not unwrap
> > > > PKCS10
> > > > blob: java.security.cert.CertificateException: Error
> > > > instantiating
> > > > class for challenge_password java.lang.ClassNotFoundException:
> > > > com.netscape.cms.servlet.cert.scep.ChallengePassword
> > > > com.netscape.cms.servlet.cert.scep.CRSEnrollment.servic
> > > > e(
> > > > CR
> > > > SE
> > > > nr
> > > > ollment.java:397)
> > > > javax.servlet.http.HttpServlet.service(HttpServlet.java
> > > > :7
> > > > 41
> > > > )
> > > > sun.reflect.GeneratedMethodAccessor48.invoke(Unknown
> > > > Source)
> > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(Delegat
> > > > in
> > > > gM
> > > > et
> > > > ho
> > > > dAccessorImpl.java:43)
> > > > java.lang.reflect.Method.invoke(Method.java:498)
> > > > org.apache.catalina.security.SecurityUtil$1.run(Securit
> > > > yU
> > > > ti
> > > > l.
> > > > ja
> > > > va:282)
> > > > org.apache.catalina.security.SecurityUtil$1.run(Securit
> > > > yU
> > > > ti
> > > > l.
> > > > ja
> > > > va:279)
> > > > java.security.AccessController.doPrivileged(Native
> > > > Method)
> > > > javax.security.auth.Subject.doAsPrivileged(Subject.java
> > > > :5
> > > > 49
> > > > )
> > > > org.apache.catalina.security.SecurityUtil.execute(Secur
> > > > it
> > > > yU
> > > > ti
> > > > l.
> > > > java:314)
> > > > org.apache.catalina.security.SecurityUtil.doAsPrivilege
> > > > (S
> > > > ec
> > > > ur
> > > > it
> > > > yUtil.java:170)
> > > > java.security.AccessController.doPrivileged(Native
> > > > Method)
> > > > org.apache.tomcat.websocket.server.WsFilter.doFilter(Ws
> > > > Fi
> > > > lt
> > > > er
> > > > .j
> > > > ava:53)
> > > > sun.reflect.GeneratedMethodAccessor47.invoke(Unknown
> > > > Source)
> > > > sun.reflect.DelegatingMethodAccessorImpl.invoke(Delegat
> > > > in
> > > > gM
> > > > et
> > > > ho
> > > > dAccessorImpl.java:43)
> > > > java.lang.reflect.Method.invoke(Method.java:498)
> > > > org.apache.catalina.security.SecurityUtil$1.run(Securit
> > > > yU
> > > > ti
> > > > l.
> > > > ja
> > > > va:282)
> > > > org.apache.catalina.security.SecurityUtil$1.run(Securit
> > > > yU
> > > > ti
> > > > l.
> > > > ja
> > > > va:279)
> > > > java.security.AccessController.doPrivileged(Native
> > > > Method)
> > > > javax.security.auth.Subject.doAsPrivileged(Subject.java
> > > > :5
> > > > 49
> > > > )
> > > > org.apache.catalina.security.SecurityUtil.execute(Secur
> > > > it
> > > > yU
> > > > ti
> > > > l.
> > > > java:314)
> > > > org.apache.catalina.security.SecurityUtil.doAsPrivilege
> > > > (S
> > > > ec
> > > > ur
> > > > it
> > > > yUtil.java:253)
> > > > </pre><p><b>Note</b> The full stack trace of the root cause is
> > > > available in the server logs.</p><hr class="line" /><h3>Apache
> > > > Tomcat/9.0.21</h3></body></html>
> > > > sscep: wrong (or missing) MIME content type
> > > > sscep: error while sending message
> > > >
> > > >
> > > > Why it is trying to unwrap PKCS10 if we are sending PKCS7 ?
> > > > How it can be fixed ?
> > > > I am sure you know it.
> > > > Please help.
> > > >
> > > >
> > > >
--
Pavel Ryabih
PostMet Corporation
http://www.postmet.com
Call to sip:pr at postmet.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 6468 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/pki-users/attachments/20190916/62a619cd/attachment.bin>
More information about the Pki-users
mailing list