CAIdentifier will send with GETCA even it is not defined in the call #160

oregano87 opened this issue Oct 25, 2022 · 1 comment
@oregano87

I am using EJBCA for SCEP enrollment. It is not possible for me to call getca because the response is 404 wrong (or missing) MIME content type. Any ideas?

```
$ sscep getca -u http://ejbca.domain.tld/ejbca/publicweb/apply/scep/demo/pkiclient.exe -c /tmp/ca.crt -vd
sscep: starting sscep, version 0.10.0
sscep: new transaction
sscep: transaction id: SSCEP transactionId
sscep: hostname: ejbca.domain.tld
sscep: directory: ejbca/publicweb/apply/scep/demo/pkiclient.exe
sscep: port: 80
sscep: SCEP_OPERATION_GETCAPS
sscep: scep request:
GET /ejbca/publicweb/apply/scep/demo/pkiclient.exe?operation=GetCACaps HTTP/1.1
Host: ejbca.domain.tld
Connection: close

sscep: connecting to ejbca.domain.tld:80
sscep: server response status code: 200, MIME header: text/plain
POSTPKIOperation
Renewal
SHA-512
SHA-256
SHA-1
DES3
sscep: scep caps bitmask: 0x02ba
sscep: SCEP_OPERATION_GETCA
sscep: scep request:
GET /ejbca/publicweb/apply/scep/demo/pkiclient.exe?operation=GetCACert&message=CAIdentifier HTTP/1.1
Host: ejbca.domain.tld
Connection: close

sscep: connecting to ejbca.domain.tld:80
sscep: server response status code: 404, MIME header: text/html
sscep: wrong (or missing) MIME content type
sscep: error while sending message
```

@oregano87

Bug found. When calling with -i '' then it works well.

```
$ sscep getca -u http://ejbca.domain.tld/ejbca/publicweb/apply/scep/demo/pkiclient.exe -c /tmp/ca.crt -i '' -vd
[...]
sscep: scep caps bitmask: 0x02ba
sscep: SCEP_OPERATION_GETCA
sscep: scep request:
GET /ejbca/publicweb/apply/scep/demo/pkiclient.exe?operation=GetCACert HTTP/1.1
Host: ejbca.domain.tld
Connection: close

sscep: connecting to ejbca.domain.tld:80
sscep: server response status code: 200, MIME header: application/x-x509-ca-ra-cert
sscep: valid response from server
[...]
```

If no parameter -i is defined, then the GET request must not include the MESSAGE.

@oregano87 oregano87 changed the title Trying SSCEP with EJBCA but it returns an error CAIdentifier will send with GETCA even it is not defined in the call Oct 26, 2022
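
The request construction this report asks for, as an added example that is not sscep's own code: the `message` parameter is appended only when a CA identifier is actually supplied, and it is percent-encoded when it is. The function names and the sample identifier `My CA&1` are hypothetical; the path is the one from the log above.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Append src to dst, percent-encoding every byte outside the RFC 3986
 * unreserved set. cap is the size of dst including the NUL terminator.
 * Returns 0 on success, -1 if dst is too small. */
static int append_encoded(char *dst, size_t cap, const char *src)
{
    static const char hex[] = "0123456789ABCDEF";
    size_t n = strlen(dst);
    for (; *src; src++) {
        unsigned char c = (unsigned char)*src;
        if (isalnum(c) || c == '-' || c == '.' || c == '_' || c == '~') {
            if (n + 2 > cap) return -1;          /* 1 byte + NUL */
            dst[n++] = (char)c;
        } else {
            if (n + 4 > cap) return -1;          /* 3 bytes + NUL */
            dst[n++] = '%';
            dst[n++] = hex[c >> 4];
            dst[n++] = hex[c & 0x0F];
        }
        dst[n] = '\0';
    }
    return 0;
}

/* Build the GetCACert request target. A NULL or empty ca_id means the
 * caller gave no identifier, so no message parameter is sent at all. */
int build_getcacert_path(char *out, size_t cap, const char *dir, const char *ca_id)
{
    int w = snprintf(out, cap, "/%s?operation=GetCACert", dir);
    if (w < 0 || (size_t)w >= cap) return -1;    /* truncated */
    if (ca_id == NULL || *ca_id == '\0') return 0;
    if ((size_t)w + sizeof("&message=") > cap) return -1;
    strcat(out, "&message=");
    return append_encoded(out, cap, ca_id);
}

int main(void)
{
    const char *dir = "ejbca/publicweb/apply/scep/demo/pkiclient.exe";
    char path[256];
    if (build_getcacert_path(path, sizeof path, dir, NULL) == 0)
        printf("GET %s HTTP/1.1\n", path);       /* no -i given */
    if (build_getcacert_path(path, sizeof path, dir, "My CA&1") == 0)
        printf("GET %s HTTP/1.1\n", path);       /* constructed identifier */
    return 0;
}
```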