I hav also tried with 4.5.1, same result. scepclient is stuck at the command line.<br><br><br><div class="gmail_quote">On Sun, Feb 20, 2011 at 8:11 AM, Richard Chan <span dir="ltr"><<a href="mailto:rspchan@starhub.net.sg">rspchan@starhub.net.sg</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin: 0pt 0pt 0pt 0.8ex; border-left: 1px solid rgb(204, 204, 204); padding-left: 1ex;">Hello, I am testing scepclient but it doesn't seem to send anything to the CA.<br><br>Using strongSwan 4.5.0 to MS CertSrv on Win 2003 Server with SCEP Add-On.<br>
<br>I can't see any HTTP/SCEP packets sent to server. Any ideas?<br>
<br><br>1. Confirm CA server/SCEP is working by manual download:<br><br>[root@XXXXXXXX ~]# wget -O abcd.der <a href="http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert%5C&message=192.168.122.21" target="_blank">http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert\&message=192.168.122.21</a><br>
--2011-02-20 08:06:26-- <a href="http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert&message=192.168.122.21" target="_blank">http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert&message=192.168.122.21</a><br>
Connecting to 192.168.122.21:80... connected.<br>HTTP request sent, awaiting response... 200 OK<br>Length: 3558 (3.5K) [application/x-x509-ca-ra-cert]<br>Saving to: “abcd.der”<br><br>100%[======================================>] 3,558 --.-K/s in 0.03s <br>
<br>2011-02-20 08:06:26 (105 KB/s) - “abcd.der” saved [3558/3558]<br><br>BTW: I note that MS CertSrv doesn't work if you omit message= for the GetCACert operation.<br><br>2. [root@tristan ~]# ipsec scepclient --out cacert --url <a href="http://192.168.122.21/certsrv/mscep/mscep.dll" target="_blank">http://192.168.122.21/certsrv/mscep/mscep.dll</a> -A -f<br>
| plugin 'aes': loaded successfully<br>| plugin 'des': loaded successfully<br>| plugin 'sha1': loaded successfully<br>| plugin 'sha2': loaded successfully<br>| plugin 'md5': loaded successfully<br>
| plugin 'random': loaded successfully<br>| plugin 'x509': loaded successfully<br>| plugin 'pkcs1': loaded successfully<br>| plugin 'pem': loaded successfully<br>| plugin 'gmp': loaded successfully<br>
loaded plugins: aes des sha1 sha2 md5 random x509 pkcs1 pem gmp <br>| dn: 'C=CH, O=Linux strongSwan, CN=XXXXXXXX'<br>| building pkcs10 object:<br> fingerprint: 60fbb84a3c6f8bb82bc0540829fd61df<br>...nothing is happening...<br>
<br>3. Check for packets: <br>
<br>
[root@tristan ~]# tcpdump -i eth0 -w /var/tmp/TCPDUMP.dat host 192.168.122.21<br>
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 65535 bytes<br>
^C0 packets captured<br>
0 packets received by filter<br>
0 packets dropped by kernel<br>
<br>
<br>
</blockquote></div><br>