SCEP-Client bekommt kein Zertifikat (no PKCS12 was found)

[rrr]

Wenn ich den SCEP-Client auf dem Router, auf welchem sich auch die CA befindet, einrichte, erhält der SCEP-Client kein Zertifikat. (Einrichtung gemäß Lancom-KB: https://www2.lancom.de/kb.nsf/1275/40FE ... enDocument)

Der Trace sagt: "no PKCS12 file was found".

Ich konnte jedoch bereits problemlos Zertifikate über die LC-Weboberfläche erstellen.

Trace:

Code: Alles auswählen

[SCEP-Client] 2015/09/07 13:17:36,059  Devicetime: 2015/09/07 13:17:36,159
SCEP-Client info: starting initialisation, setting initialising flag

[SCEP-Client] 2015/09/07 13:17:36,075  Devicetime: 2015/09/07 13:17:36,159
SCEP-Client info: Init state is now SCEP_INIT_STATE_INIT

[SCEP-Client] 2015/09/07 13:17:36,075  Devicetime: 2015/09/07 13:17:36,159
SCEP-Client info: checkConfigurationAndCertificates: starting CA initialisation, start index is 1

[SCEP-Client] 2015/09/07 13:17:36,090  Devicetime: 2015/09/07 13:17:36,159
SCEP-Client info: initialiseCAs: started for CA at index 1

[SCEP-Client] 2015/09/07 13:17:36,090  Devicetime: 2015/09/07 13:17:36,159
SCEP-Client info: initialiseCAs: there are 1 CAs

[SCEP-Client] 2015/09/07 13:17:36,106  Devicetime: 2015/09/07 13:17:36,159
SCEP-Client info: initialiseCAs: starting initialisation of CA

[SCEP-Client] 2015/09/07 13:17:36,106  Devicetime: 2015/09/07 13:17:36,159
SCEP-Client info: scep_set_ca_struct: started for CA at position 1

[SCEP-Client] 2015/09/07 13:17:36,121  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client debug: parseScepUrl: parsing URL https://127.0.0.1/cgi-bin/pkiclient.exe

[SCEP-Client] 2015/09/07 13:17:36,137  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client debug: parseScepUrl: found host 127.0.0.1, directory /cgi-bin/pkiclient.exe and port 

[SCEP-Client] 2015/09/07 13:17:36,137  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client debug: setCAFiles: searching PKCS12 file with CA certificates

[SCEP-Client] 2015/09/07 13:17:36,153  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client ERROR: setCAFiles: no PKCS12 file was found

[SCEP-Client] 2015/09/07 13:17:36,153  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client ERROR: setupCAData:ERROR: scep_set_ca_files failed! Is there any certificate configured using this CA?

[SCEP-Client] 2015/09/07 13:17:36,168  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client debug: initSingleCA: increasing CA index

[SCEP-Client] 2015/09/07 13:17:36,184  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client ERROR: initSingleCA: SCEP_INIT_STATE_INIT: error in set_ca_struct, skipping this CA

[SCEP-Client] 2015/09/07 13:17:36,184  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client debug: initialiseCAs: there was an error in initSingleCA, skipping CA

[SCEP-Client] 2015/09/07 13:17:36,199  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client info: initialiseCAs: SCEP_INIT_STATE_INIT has been reached, 1 CAs handled, 0 CAs ok

[SCEP-Client] 2015/09/07 13:17:36,199  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client fatal: initialiseCAs: not all CA certificates available, cannot continue

[SCEP-Client] 2015/09/07 13:17:36,215  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client ERROR: checkConfigurationAndCertificates:  initialiseCAs failed, giving up

[SCEP-Client] 2015/09/07 13:17:36,231  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client fatal:  invalid SCEP configuration

[SCEP-Client] 2015/09/07 13:17:36,231  Devicetime: 2015/09/07 13:17:36,160
SCEP-Client info: setting initialising flag to false

[rrr]

Habs nun geschafft. Bei mir lag es daran, dass ich im CA/RA-Zertifikat die E-Mail Addresse mit "/E" anstelle von "/emailAddress" angegeben hab.
Lancom selbst verwendet aber auch in der Weboberfläche "E-Mail (E)".