[strongSwan] scepclient not generating any traffic to server: GetCACert

Richard Chan rspchan at starhub.net.sg
Sun Feb 20 01:11:53 CET 2011


Hello, I am testing scepclient but it doesn't seem to send anything to the
CA.

Using strongSwan 4.5.0 to MS CertSrv on Win 2003 Server with SCEP Add-On.

I can't see any HTTP/SCEP packets sent to server. Any ideas?


1. Confirm CA server/SCEP is working by manual download:

[root at XXXXXXXX ~]# wget -O abcd.der
http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert\&message=192.168.122.21
--2011-02-20 08:06:26--
http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert&message=192.168.122.21
Connecting to 192.168.122.21:80... connected.
HTTP request sent, awaiting response... 200 OK
Length: 3558 (3.5K) [application/x-x509-ca-ra-cert]
Saving to: “abcd.der”

100%[======================================>] 3,558       --.-K/s   in
0.03s

2011-02-20 08:06:26 (105 KB/s) - “abcd.der” saved [3558/3558]

BTW: I note that MS CertSrv doesn't work if you omit message= for the
GetCACert operation.

2. [root at tristan ~]# ipsec scepclient --out cacert --url
http://192.168.122.21/certsrv/mscep/mscep.dll -A -f
| plugin 'aes': loaded successfully
| plugin 'des': loaded successfully
| plugin 'sha1': loaded successfully
| plugin 'sha2': loaded successfully
| plugin 'md5': loaded successfully
| plugin 'random': loaded successfully
| plugin 'x509': loaded successfully
| plugin 'pkcs1': loaded successfully
| plugin 'pem': loaded successfully
| plugin 'gmp': loaded successfully
  loaded plugins: aes des sha1 sha2 md5 random x509 pkcs1 pem gmp
| dn: 'C=CH, O=Linux strongSwan, CN=XXXXXXXX'
| building pkcs10 object:
  fingerprint:    60fbb84a3c6f8bb82bc0540829fd61df
...nothing is happening...

3. Check for packets:

[root at tristan ~]# tcpdump -i eth0 -w /var/tmp/TCPDUMP.dat host
192.168.122.21
tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 65535
bytes
^C0 packets captured
0 packets received by filter
0 packets dropped by kernel
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20110220/138bdc3a/attachment.html>


More information about the Users mailing list