MVP
Posts: 128
Registered: ‎07-13-2015

Onboarding issues when using registration authority mode with SCEP to PKI

Hi,

When I configure ClearPass as a registration authority, I put in the SCEP URL and Challenge, then I fetch the CA cert and receive the chain as expected.

When I go to the device_provisionning php page on the client to onboard, I receive the following (regardless of device types):

Unable to extract certificate from SCEP response (error:0D07207B:asn1 encoding routines:ASN1_get_object:header too long
error:0D0D106E:asn1 encoding routines:B64_READ_ASN1:decode error
error:0D0D40CB:asn1 encoding routines:SMIME_read_ASN1:asn1 parse error)

 

From the PKI side the certs are issued and from Wireshark I see 200 accepts from the PKI:

cap scep.png

Thoughts on this?

Much appreciated,

ACMP, ACCP, BCNE
Guru Elite
Posts: 8,638
Registered: ‎09-08-2010

Re: Onboarding issues when using registration authority mode with SCEP to PKI

What type of PKI environment are you proxying to?

Tim Cappalli | Aruba Security TME
@timcappalli | timcappalli.me | ACMX #367 / ACCX #480
MVP
Posts: 128
Registered: ‎07-13-2015

Re: Onboarding issues when using registration authority mode with SCEP to PKI

Hi Tim,

Windows 2008 R2 PKI.

Thanks

ACMP, ACCP, BCNE
MVP
Posts: 128
Registered: ‎07-13-2015

Re: Onboarding issues when using registration authority mode with SCEP to PKI

We are also using the same exact SCEP URL and Challenge for an MDM and it's working fine.

ACMP, ACCP, BCNE
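
The OpenSSL errors quoted in the first post (B64_READ_ASN1, SMIME_read_ASN1) are raised while reading the SCEP response as base64-encoded ASN.1. One way to see what the PKI actually returned is to export the HTTP response body from the Wireshark capture and classify its encoding. This is an added example, not part of the original thread; the function names and sample bytes are constructed for illustration.

```python
import base64
import binascii

def read_der_header(data):
    """Return (tag, header_len, content_len) of the first DER TLV."""
    if len(data) < 2:
        raise ValueError("too short for a DER header")
    tag, first = data[0], data[1]
    if first < 0x80:                      # short-form length
        return tag, 2, first
    n = first & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(data) < 2 + n:
        raise ValueError("unsupported or truncated length field")
    return tag, 2 + n, int.from_bytes(data[2:2 + n], "big")

def is_complete_der_sequence(data):
    """True if data is exactly one SEQUENCE whose length matches the buffer."""
    try:
        tag, hlen, clen = read_der_header(data)
    except ValueError:
        return False
    return tag == 0x30 and hlen + clen == len(data)

def classify_scep_body(body):
    """Classify a response body as der, pem, base64-der, markup or unknown."""
    if is_complete_der_sequence(body):    # raw binary PKCS#7
        return "der"
    text = body.strip()
    if text.startswith(b"-----BEGIN"):
        return "pem"
    try:
        decoded = base64.b64decode(b"".join(text.split()), validate=True)
    except (binascii.Error, ValueError):
        decoded = b""
    if decoded and is_complete_der_sequence(decoded):
        return "base64-der"
    if text[:1] == b"<":                  # HTML or XML, e.g. an error page
        return "markup"
    return "unknown"

# Constructed samples: SEQUENCE { INTEGER 5 } and variants of it.
SAMPLE_DER = bytes([0x30, 0x03, 0x02, 0x01, 0x05])
SAMPLE_B64 = base64.b64encode(SAMPLE_DER) + b"\r\n"
SAMPLE_TRUNCATED = b"\x30\x82\x05\x00" + b"\x00" * 10   # header claims 1280 bytes

if __name__ == "__main__":
    for name, blob in [("der", SAMPLE_DER), ("b64", SAMPLE_B64),
                       ("truncated", SAMPLE_TRUNCATED)]:
        print(name, "->", classify_scep_body(blob))
```

Comparing the result for the ClearPass exchange with the result for the working MDM exchange against the same SCEP URL shows whether the two clients receive the same encoding.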