Hello, I am testing scepclient but it doesn't seem to send anything to the CA.<br><br>Using strongSwan 4.5.0 to MS CertSrv on Win 2003 Server with SCEP Add-On.<br><br>I can't see any HTTP/SCEP packets sent to server. Any ideas?<br>
<br><br>1. Confirm CA server/SCEP is working by manual download:<br><br>[root@XXXXXXXX ~]# wget -O abcd.der <a href="http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert\&message=192.168.122.21">http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert\&message=192.168.122.21</a><br>
--2011-02-20 08:06:26--  <a href="http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert&message=192.168.122.21">http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert&message=192.168.122.21</a><br>
Connecting to 192.168.122.21:80... connected.<br>HTTP request sent, awaiting response... 200 OK<br>Length: 3558 (3.5K) [application/x-x509-ca-ra-cert]<br>Saving to: “abcd.der”<br><br>100%[======================================>] 3,558       --.-K/s   in 0.03s   <br>
<br>2011-02-20 08:06:26 (105 KB/s) - “abcd.der” saved [3558/3558]<br><br>BTW: I note that MS CertSrv doesn't work if you omit message= for the GetCACert operation.<br><br>2. [root@tristan ~]# ipsec scepclient --out cacert --url <a href="http://192.168.122.21/certsrv/mscep/mscep.dll">http://192.168.122.21/certsrv/mscep/mscep.dll</a> -A -f<br>
| plugin 'aes': loaded successfully<br>| plugin 'des': loaded successfully<br>| plugin 'sha1': loaded successfully<br>| plugin 'sha2': loaded successfully<br>| plugin 'md5': loaded successfully<br>
| plugin 'random': loaded successfully<br>| plugin 'x509': loaded successfully<br>| plugin 'pkcs1': loaded successfully<br>| plugin 'pem': loaded successfully<br>| plugin 'gmp': loaded successfully<br>
  loaded plugins: aes des sha1 sha2 md5 random x509 pkcs1 pem gmp <br>| dn: 'C=CH, O=Linux strongSwan, CN=XXXXXXXX'<br>| building pkcs10 object:<br>  fingerprint:    60fbb84a3c6f8bb82bc0540829fd61df<br>...nothing is happening...<br>
<br>3. Check for packets: <br>
<br>
[root@tristan ~]# tcpdump -i eth0 -w /var/tmp/TCPDUMP.dat host 192.168.122.21<br>
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes<br>
^C0 packets captured<br>
0 packets received by filter<br>
0 packets dropped by kernel<br>
<br>
<br>