Bug 511337 - sscep getca fails with "define CA identifier(-i)
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: SCEP
unspecified
All Linux
high Severity medium
Assigned To: Ade Lee
Chandrasekar Kannan
Blocks: 443788
Reported: 2009-07-14 14:31 EDT by Kashyap Chamarthy
Modified: 2015-01-04 18:39 EST (History)
Doc Type: Bug Fix
Last Closed: 2009-07-22 19:37:19 EDT


Attachments
patch to fix (1.42 KB, patch)
2009-07-14 14:39 EDT, Ade Lee
Description Kashyap Chamarthy 2009-07-14 14:31:17 EDT
Description:

What I'm trying to do: /usr/bin/sscep getca -c ca.crt -u $scep_enroll_url
Note: prior to running sscep, I ran mkrequest (successfully).

Script used + output:
============================
[root@el3pki scep]# ./testfile.bash 
+ ipaddress=10.65.1.5
+ scep_enroll_pin=qrXwf23cAX
+ scep_enroll_url=http://el3pki.pnq.redhat.com:12888/ee/scep/pkiclient.cgi
+ /usr/bin/sscep getca -c ca.crt -u http://el3pki.pnq.redhat.com:12888/ee/scep/pkiclient.cgi
/usr/bin/sscep: requesting CA certificate
/usr/bin/sscep: cannot find data from http reply
/usr/bin/sscep: no data, perhaps you should define CA identifier (-i)
[root@el3pki scep]# ls
=======================================
[root@el3pki scep]# cat testfile.bash 
#!/bin/bash
set -x

ipaddress=10.65.1.5

scep_enroll_pin=qrXwf23cAX

scep_enroll_url=http://el3pki.pnq.redhat.com:12888/ee/scep/pkiclient.cgi 

#commands


#/usr/bin/mkrequest -ip $ipaddress $scep_enroll_pin
/usr/bin/sscep getca -c ca.crt -u $scep_enroll_url
#/usr/bin/sscep enroll -c ca.crt -k local.key -r local.csr -l cert.crt -u $scep_enroll_url

===========================================================================


ra-debug log and access log:
========================
[root@el3pki pki-ra]# tail -f ra-debug.log
Tue Jul 14 01:04:18 IST 2009 - in agent_auth: admin has roles: administrators,agents
Tue Jul 14 01:04:18 IST 2009 - in agent_auth: authorized groups are: administrators,agents
Tue Jul 14 01:04:18 IST 2009 - in agent_auth: group matched
Tue Jul 14 01:04:18 IST 2009 - in agent_auth: group matched
Tue Jul 14 01:06:41 IST 2009 - Tue Jul 14 01:06:41 IST 2009 - URL '/ee/scep/pkiclient.cgi?operation=GetCACert&message=CAIdentifier'
Tue Jul 14 01:06:41 IST 2009 - Tue Jul 14 01:06:41 IST 2009 - Param operation='GetCACert'
Tue Jul 14 01:06:41 IST 2009 - Tue Jul 14 01:06:41 IST 2009 - Param message='CAIdentifier'
Tue Jul 14 01:08:01 IST 2009 - Tue Jul 14 01:08:01 IST 2009 - URL '/ee/scep/pkiclient.cgi?operation=GetCACert&message=CAIdentifier'
Tue Jul 14 01:08:01 IST 2009 - Tue Jul 14 01:08:01 IST 2009 - Param operation='GetCACert'
Tue Jul 14 01:08:01 IST 2009 - Tue Jul 14 01:08:01 IST 2009 - Param message='CAIdentifier'
Tue Jul 14 01:08:45 IST 2009 - Tue Jul 14 01:08:45 IST 2009 - URL '/ee/scep/pkiclient.cgi?operation=GetCACert&message=CAIdentifier'
Tue Jul 14 01:08:45 IST 2009 - Tue Jul 14 01:08:45 IST 2009 - Param operation='GetCACert'
Tue Jul 14 01:08:45 IST 2009 - Tue Jul 14 01:08:45 IST 2009 - Param message='CAIdentifier'
=========================
[root@el3pki pki-ra]# tail  access_log
127.0.0.1 - - [14/Jul/2009:01:04:18 +0530] "GET /img/bkgrnd_greydots.png HTTP/1.1" 404 5735
127.0.0.1 - - [14/Jul/2009:01:04:18 +0530] "GET /img/account_loggedin.gif HTTP/1.1" 404 5735
127.0.0.1 - - [14/Jul/2009:01:04:18 +0530] "GET /img/greybar_br.gif HTTP/1.1" 404 5735
127.0.0.1 - - [14/Jul/2009:01:04:17 +0530] "GET /agent/request/read.cgi?id=2 HTTP/1.1" 200 6084
127.0.0.1 - - [14/Jul/2009:01:04:18 +0530] "GET /img/corner_mainnav_bottom_chopped.png HTTP/1.1" 404 5735
127.0.0.1 - - [14/Jul/2009:01:04:18 +0530] "GET /img/corner_mainnav_top_chopped.png HTTP/1.1" 404 5735
127.0.0.1 - - [14/Jul/2009:01:04:18 +0530] "GET /img/greybar_tr.gif HTTP/1.1" 404 5735
127.0.0.1 - - [14/Jul/2009:01:06:41 +0530] "GET /ee/scep/pkiclient.cgi?operation=GetCACert&message=CAIdentifier HTTP/1.0" 200 -
127.0.0.1 - - [14/Jul/2009:01:08:01 +0530] "GET /ee/scep/pkiclient.cgi?operation=GetCACert&message=CAIdentifier HTTP/1.0" 200 -
127.0.0.1 - - [14/Jul/2009:01:08:45 +0530] "GET /ee/scep/pkiclient.cgi?operation=GetCACert&message=CAIdentifier HTTP/1.0" 200 -
============================
Comment 1 Ade Lee 2009-07-14 14:39:07 EDT
Created attachment 351650 [details]
patch to fix

Problem was that the grep determined that the file was binary
and did not parse through it to get the first few characters.

-a option has it treat the file as text - even if it detects binary.

awnuk, please review.
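
The grep behaviour described in Comment 1, as an added example that is not part of the bug report or the attached patch: the reply file layout, the pattern and the function names are constructed for illustration. It shows that GNU grep still exits 0 on a file it classifies as binary, so only the captured output reveals the difference.

```shell
#!/bin/sh
# Added illustration: grep's binary-file heuristic versus -a.
# The reply layout below is constructed, not taken from Dogtag.

# Build a constructed reply: one text line, then DER-like bytes with NULs.
make_reply() {
    printf 'Content-Type: application/x-x509-ca-cert\n' > "$1"
    printf '\060\202\001\000\000\002\001\000\n' >> "$1"
}

# Default behaviour: a NUL byte makes GNU grep classify the file as binary,
# so stdout carries a "Binary file ... matches" notice (or nothing, on
# newer releases that send the notice to stderr) instead of the line.
extract_default() {
    grep 'Content-Type' "$1" 2>/dev/null
}

# With -a (--text) grep treats every byte as text and prints the line.
extract_text() {
    grep -a 'Content-Type' "$1"
}

reply=$(mktemp)
make_reply "$reply"

# Exit status is 0 in both cases, so a caller that only checks $? and then
# parses the captured output will silently parse the wrong thing.
extract_default "$reply" >/dev/null; echo "default exit status: $?"
echo "default stdout: $(extract_default "$reply")"
echo "with -a stdout: $(extract_text "$reply")"
rm -f "$reply"
```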
Comment 2 Andrew Wnuk 2009-07-14 17:08:10 EDT
attachment (id=351650) +awnuk
Comment 3 Ade Lee 2009-07-14 17:13:29 EDT
[builder@dhcp231-124 pki]$ svn ci -m " Bugzilla Bug #511337 - sscep getca fails with define CA identifier" 
Sending        base/ra/lib/perl/PKI/Conn/CA.pm
Sending        dogtag/ra/pki-ra.spec
Transmitting file data ..
Committed revision 697.
Comment 5 Kashyap Chamarthy 2009-07-15 16:01:00 EDT
Verified (with RC4 and new pki-ra from porkchop)

- scep through RA - OK
- scep through CA - OK
Comment 6 Kashyap Chamarthy 2009-07-15 16:02:37 EDT
Scripts used 

=========================================
[root@el3pki scep]# cat scep-ca.bash 
#!/bin/bash
set -x

ipaddress=10.65.1.5

scep_enroll_pin=s50yVzMtQR

scep_enroll_url=http://el3pki.pnq.redhat.com:9180/ca/cgi-bin/pkiclient.exe
#scep_enroll_url=http://el3pki.pnq.redhat.com:12888/ee/scep/pkiclient.cgi 

#commands


/usr/bin/mkrequest -ip $ipaddress $scep_enroll_pin
/usr/bin/sscep getca -c ca.crt -u $scep_enroll_url
/usr/bin/sscep enroll -c ca.crt -k local.key -r local.csr -l cert.crt -u $scep_enroll_url
============================================
[root@el3pki scep]# cat testfile.bash 
#!/bin/bash
set -x

ipaddress=10.65.1.5

scep_enroll_pin=s50yVzMtQR

scep_enroll_url=http://el3pki.pnq.redhat.com:12888/ee/scep/pkiclient.cgi 

#commands


/usr/bin/mkrequest -ip $ipaddress $scep_enroll_pin
/usr/bin/sscep getca -c ca.crt -u $scep_enroll_url
/usr/bin/sscep enroll -c ca.crt -k local.key -r local.csr -l cert.crt -u $scep_enroll_url
=============================================
