[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: question on interop with entrust server

To: "Max Pritikin" <pritikin@xxxxxxxxx>
Subject: RE: question on interop with entrust server
From: "Ricky Charlet" <rcharlet@xxxxxxxxxx>
Date: Tue, 7 Nov 2006 11:17:10 -0600
Cc: <scep@xxxxxxxx>
In-reply-to: <E10251D5-B361-4758-BC09-24F8778D3D73@xxxxxxxxx>
List-archive: <http://www.vpnc.org/scep/mail-archive/>
List-id: <scep.vpnc.org>
List-unsubscribe: <mailto:scep-request@vpnc.org?body=unsubscribe>
Sender: owner-scep@xxxxxxxxxxxxx
Thread-index: AccCC7Poeq1Rgx08QyqKXjowFj0uUQAhFY/g
Thread-topic: question on interop with entrust server

Hi Max,

	I don't have a clear enough view into the entrust server
operation to firmly answer your quesetion. But I strongly suspect it is
a proble with decryption. The specific error message I get from the
entrust logs says

"[-00151 The signature verification failed.] Failure during unprotect of
signed data"

	The signature verification failure is irrelevant. I know this
from 1) the standards don't require it, and 2) a successful enrollment
from a cisco router gets a similar log entry about sig-verification
failure, but the proceeds onward.

	The relevant part of that log message above seems to be "Failure
during unprotect of signed data"


---
Ricky Charlet
W: 408.754.1733
rcharlet@xxxxxxxxxx
--- _
   ( )  ASCII ribbon campaign 
    X    - against HTML email
   / \                   

> -----Original Message-----
> From: Max Pritikin [mailto:pritikin@xxxxxxxxx] 
> Sent: Monday, November 06, 2006 5:26 PM
> To: Charlet, Ricky (HLYER:0000)
> Cc: scep@xxxxxxxx
> Subject: Re: question on interop with entrust server
> 
> 
> "After a bit more reading..." Then what? :)
> 
> Are you having trouble with the entrust CA decrypting the 
> pkcs7 or is it trouble parsing the pkcs7? Does your client 
> work against a different CA server?
> 
> 	- max
> 
> On Nov 6, 2006, at 5:04 PM, Ricky Charlet wrote:
> 
> >
> > After a bit more reading....
> >
> >
> > ---
> > Ricky Charlet
> > W: 408.754.1733
> > rcharlet@xxxxxxxxxx
> > --- _
> >    ( )  ASCII ribbon campaign
> >     X    - against HTML email
> >    / \
> >
> >> -----Original Message-----
> >> From: owner-scep@xxxxxxxxxxxxx
> >> [mailto:owner-scep@xxxxxxxxxxxxx] On Behalf Of Charlet, Ricky
> >> (HLYER:0000)
> >> Sent: Monday, November 06, 2006 12:49 PM
> >> To: scep@xxxxxxxx
> >> Subject: question on interop with entrust server
> >>
> >>
> >> Howdy,
> >>
> >> 	My group is building a new scep client. We have successfully 
> >> interoperated against microsoft but are having a difficult time 
> >> interoperating with entrust. The entrust server seems not 
> to be able 
> >> to decrypt our PKCS7. But the log message is very vague.
> >> 	
> >> 	I'm hoping an Entrust VPN enrollment server person is 
> reading this 
> >> and can contact me directly to work out some interop testing.
> >>
> >>
> >> ---
> >> Ricky Charlet
> >> W: 408.754.1733
> >> rcharlet@xxxxxxxxxx
> >> --- _
> >>    ( )  ASCII ribbon campaign
> >>     X    - against HTML email
> >>    / \
> >>
> >>
>

Follow-Ups:
- Re: question on interop with entrust server
  - From: Max Pritikin

References:
- Re: question on interop with entrust server
  - From: Max Pritikin

Prev by Date: Re: question on interop with entrust server
Next by Date: Q: draft 6 of draft-nourse-scep
Previous by thread: Re: question on interop with entrust server
Next by thread: Re: question on interop with entrust server
Index(es):
- Date
- Thread