3. Provide execute permission for all the files: # chmod +x sscep.conf sscep mkrequest
Uncomment and update with correct IP address and pin in flatfile.txt
UID: <ip_address>
PWD: 1212
/var/lib/pki/<ca_instance>/conf/ca/flatfile.txt
Restart the instance:
systemctl restart
Execute the below commands to enroll the certificate with sha512:
./mkrequest -ip <ip_address> 1212 sha512
DIGEST=-sha512
Generating RSA private key, 1024 bit long modulus (2 primes)
........................+++++
.......................................+++++
e is 65537 (0x010001)
./sscep getca -u http://pki1.example.com:20080/ca/cgi-bin/pkiclient.exe -c ca.crt
./sscep: starting sscep, version 20081211
./sscep: hostname: pki1.example.com
./sscep: directory: ca/cgi-bin/pkiclient.exe
./sscep: port: 20080
./sscep: SCEP_OPERATION_GETCA
./sscep: requesting CA certificate
./sscep: scep msg: GET /ca/cgi-bin/pkiclient.exe?operation=GetCACert&message=CAIdentifier HTTP/1.0
./sscep: server returned status code 200
./sscep: MIME header: application/x-x509-ca-cert
./sscep: valid response from server
./sscep: MD5 fingerprint: 60:DF:DB:70:57:B2:FB:5E:B0:2D:2E:11:C6:2E:24:F1
./sscep: CA certificate written as ca.crt
./sscep enroll -f sscep.conf -u http://pki1.example.com:20080/ca/cgi-bin/pkiclient.exe -c ca.crt -k local.key -r local.csr -l cert.crt -S sha512 -d
Actual results:
It should enroll the certificate with the sha512 algorithm
Expected results:
sscep enroll will fail with below exception:
./sscep: server returned status code 500
./sscep: mime_err: HTTP/1.1 500
Content-Type: text/html;charset=utf-8
Content-Language: en
Content-Length: 3389
Date: Mon, 18 Nov 2019 13:12:57 GMT
Connection: close
<!doctype html><html lang="en"><head><title>HTTP Status 500 – Internal Server Error</title><style type="text/css">h1 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:525D76;font-size:22px;} h2 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:525D76;font-size:16px;} h3 {font-family:Tahoma,Arial,sans-serif;color:white;background-color:525D76;font-size:14px;} body {font-family:Tahoma,Arial,sans-serif;color:black;background-color:white;} b {font-family:Tahoma,Arial,sans-serif;color:white;background-color:525D76;} p {font-family:Tahoma,Arial,sans-serif;background:white;color:black;font-size:12px;} a {color:black;} a.name {color:black;} .line {height:1px;background-color:525D76;border:none;}</style></head><body><h1>HTTP Status 500 – Internal Server Error</h1><hr class="line" /><p><b>Type</b> Exception Report</p><p><b>Message</b> Couldn&39;t handle CEP request (PKCSReq) - Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException: com.netscape.cms.servlet.cert.scep.ChallengePassword</p><p><b>Description</b> The server encountered an unexpected condition that prevented it from fulfilling the request.</p><p><b>Exception</b></p><pre>javax.servlet.ServletException: Couldn&39;t handle CEP request (PKCSReq) - Could not unwrap PKCS10 blob: java.security.cert.CertificateException: Error instantiating class for challenge_password java.lang.ClassNotFoundException: com.netscape.cms.servlet.cert.scep.ChallengePassword
com.netscape.cms.servlet.cert.scep.CRSEnrollment.service(CRSEnrollment.java:397)
javax.servlet.http.HttpServlet.service(HttpServlet.java:741)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:170)
java.security.AccessController.doPrivileged(Native Method)
org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:53)
sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
java.lang.reflect.Method.invoke(Method.java:498)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:282)
org.apache.catalina.security.SecurityUtil$1.run(SecurityUtil.java:279)
java.security.AccessController.doPrivileged(Native Method)
javax.security.auth.Subject.doAsPrivileged(Subject.java:549)
org.apache.catalina.security.SecurityUtil.execute(SecurityUtil.java:314)
org.apache.catalina.security.SecurityUtil.doAsPrivilege(SecurityUtil.java:253)
</pre><p><b>Note</b> The full stack trace of the root cause is available in the server logs.</p><hr class="line" /><h3>Apache Tomcat/9.0.7</h3></body></html>
./sscep: wrong (or missing) MIME content type
./sscep: error while sending message
Additional info:
This issue was migrated from Pagure Issue #3167. Originally filed by cipherboy (@cipherboy) on 2020-03-17 10:48:45:
Description of problem:
SSCEP enroll failed with ClassNotFoundException for different hashing algorithms, i.e. sha512 and sha256
Version-Release number of selected component (if applicable):
PKI Command-Line Interface 10.7.3-1.module+el8.1.0+3964+500fc130
How reproducible:
Always
Steps to Reproduce:
Install CA
wget sscep.conf, sscep and mkrequest tool from http://download.eng.bos.redhat.com/qa/rhts/lookaside/IdM/rhcs/scep_software/sscep/rhel7-x86_64_modified location