Hi Max,
I don't have a clear enough view into the Entrust server operation to firmly answer your question. But I strongly suspect it is a problem with decryption. The specific error message I get from the Entrust logs says
"[-00151 The signature verification failed.] Failure during unprotect of signed data"
The signature verification failure is irrelevant. I know this from 1) the standards don't require it, and 2) a successful enrollment from a Cisco router gets a similar log entry about sig-verification failure, but then proceeds onward.
The relevant part of that log message above seems to be "Failure during unprotect of signed data"
---
Ricky Charlet
W: 408.754.1733
rcharlet@xxxxxxxxxx
--- _
( ) ASCII ribbon campaign
X - against HTML email
/ \
-----Original Message-----
From: Max Pritikin [mailto:pritikin@xxxxxxxxx]
Sent: Monday, November 06, 2006 5:26 PM
To: Charlet, Ricky (HLYER:0000)
Cc: scep@xxxxxxxx
Subject: Re: question on interop with entrust server
"After a bit more reading..." Then what? :)
Are you having trouble with the entrust CA decrypting the pkcs7 or is it trouble parsing the pkcs7? Does your client work against a different CA server?
- max
On Nov 6, 2006, at 5:04 PM, Ricky Charlet wrote:
After a bit more reading....
---
Ricky Charlet
W: 408.754.1733
rcharlet@xxxxxxxxxx
-----Original Message-----
From: owner-scep@xxxxxxxxxxxxx [mailto:owner-scep@xxxxxxxxxxxxx] On Behalf Of Charlet, Ricky (HLYER:0000)
Sent: Monday, November 06, 2006 12:49 PM
To: scep@xxxxxxxx
Subject: question on interop with entrust server
Howdy,
My group is building a new SCEP client. We have successfully interoperated against Microsoft but are having a difficult time interoperating with Entrust. The Entrust server seems not to be able to decrypt our PKCS7. But the log message is very vague.
I'm hoping an Entrust VPN enrollment server person is reading this and can contact me directly to work out some interop testing.
---
Ricky Charlet
W: 408.754.1733
rcharlet@xxxxxxxxxx