[strongSwan] scepclient not generating any traffic to server: GetCACert

Richard Chan rspchan at starhub.net.sg
Sun Feb 20 01:46:59 CET 2011


I have also tried with 4.5.1, same result. scepclient is stuck at the command
line.


On Sun, Feb 20, 2011 at 8:11 AM, Richard Chan <rspchan at starhub.net.sg> wrote:

> Hello, I am testing scepclient but it doesn't seem to send anything to the
> CA.
>
> Using strongSwan 4.5.0 to MS CertSrv on Win 2003 Server with SCEP Add-On.
>
> I can't see any HTTP/SCEP packets sent to server. Any ideas?
>
>
> 1. Confirm CA server/SCEP is working by manual download:
>
> [root at XXXXXXXX ~]# wget -O abcd.der
> http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert\&message=192.168.122.21
> --2011-02-20 08:06:26--
> http://192.168.122.21/certsrv/mscep/mscep.dll?operation=GetCACert&message=192.168.122.21
> Connecting to 192.168.122.21:80... connected.
> HTTP request sent, awaiting response... 200 OK
> Length: 3558 (3.5K) [application/x-x509-ca-ra-cert]
> Saving to: “abcd.der”
>
> 100%[======================================>] 3,558       --.-K/s   in
> 0.03s
>
> 2011-02-20 08:06:26 (105 KB/s) - “abcd.der” saved [3558/3558]
>
> BTW: I note that MS CertSrv doesn't work if you omit message= for the
> GetCACert operation.
>
> 2. [root at tristan ~]# ipsec scepclient --out cacert --url
> http://192.168.122.21/certsrv/mscep/mscep.dll -A -f
> | plugin 'aes': loaded successfully
> | plugin 'des': loaded successfully
> | plugin 'sha1': loaded successfully
> | plugin 'sha2': loaded successfully
> | plugin 'md5': loaded successfully
> | plugin 'random': loaded successfully
> | plugin 'x509': loaded successfully
> | plugin 'pkcs1': loaded successfully
> | plugin 'pem': loaded successfully
> | plugin 'gmp': loaded successfully
>   loaded plugins: aes des sha1 sha2 md5 random x509 pkcs1 pem gmp
> | dn: 'C=CH, O=Linux strongSwan, CN=XXXXXXXX'
> | building pkcs10 object:
>   fingerprint:    60fbb84a3c6f8bb82bc0540829fd61df
> ...nothing is happening...
>
> 3. Check for packets:
>
> [root at tristan ~]# tcpdump -i eth0 -w /var/tmp/TCPDUMP.dat host
> 192.168.122.21
> tcpdump: listening on br0, link-type EN10MB (Ethernet), capture size 65535
> bytes
> ^C0 packets captured
> 0 packets received by filter
> 0 packets dropped by kernel
>
>
>