SCEP Asking for Password #239
Comments
|
Hey @0xab3d, the error seems to come from here: https://github.com/Keyfactor/ejbca-ce/blob/f2e334c7befea0def86c230e823555658e604827/modules/ejbca-ejb/src/org/ejbca/core/ejb/ca/sign/SignSessionBean.java#L526-L535, which I think gets the password from here: https://github.com/Keyfactor/ejbca-ce/blob/main/modules/cesecore-common/src/org/cesecore/certificates/certificate/request/PKCS10RequestMessage.java#L184-L238. Since it's HTTP, can you capture the request using e.g. Wireshark, and paste the base64 here? |
|
Thanks @hslatman for checking this. Here you go. MzA4MjBhYWQwNjA5MmE4NjQ4ODZmNzBkMDEwNzAyYTA4MjBhOWUzMDgyMGE5YTAyMDEwMTMxMDkzMDA3MDYwNTJiMGUwMzAyMWEzMDgyMDUzYzA2MDkyYTg2NDg4NmY3MGQwMTA3MDFhMDgyMDUyZDA0ODIwNTI5MzA4MjA1MjUwNjA5MmE4NjQ4ODZmNzBkMDEwNzAzYTA4MjA1MTYzMDgyMDUxMjAyMDEwMDMxODIwMjU1MzA4MjAyNTEwMjAxMDAzMDNiMzAyMzMxMjEzMDFmMDYwMzU1MDQwMzBjMTg0Mzc5NjI2NTcyNjE2Mzc0Njk2MzczMjA1MjZmNmY3NDIwNDM0MTIwMmQyMDQ3MzMwMjE0MmEyNzgwMjg5ZGFlODI5MTEwYmFjMWE0ODMyZjRhY2NkNmI1MjRmNDMwMGIwNjA5MmE4NjQ4ODZmNzBkMDEwMTAxMDQ4MjAyMDA1YmVjM2ZlZGEwNWI1ZmMwN2M4NTZiMWRmNjA1MWRhMmUwNTllZTkwMzdiMmI3MWY1NGEzOGM4ZTY4MmNlMTZjNDYwMjcxZjZhMjVhNjRlYmE2MmFkN2E1YWRjNTRhMzFmYmFlOGNiYmUwOTg5MzJhZTBmMWVjMzA3MDlhNjhmMTIyNmY1Y2QwNDkzYTkzM2MzMzYyODg2OTg1NTExNTRjMDg5ODFkNjk5YjYxN2YwNzg4ZDgyNTEwZTgyZjFlOWYwOGNkNjE3NTA3MmQ2NGY3MzQ3NTkwYTRmZjUyMGEwZjBlMzA5MzYzY2JiNjFiNmM5NDg1MmE4NzUyZDY5YjA3ODAwNDM0YWZhNjgxZTE3ZTM3Yzc1NTRkNjFmZWJjZDc1OTNiZjVhYTFiMGYzZWIwMjlhNWE3M2EzZjA2YTQyMzZhZWMwYjM5MjY5ODU4OGQ5M2U4MGMwZGNjZTk4MjdmYzI5MzY5OGY5NTZiNDFlM2MwNzYyOWM4MjEzMTVhMzU5YmRhMTcwNTM1ODc3ZGYyN2MyOTU0MzVmZTJjOTIyYWVlMzY5NDFjMzFkNWIwODVlNWE0MGM4OTRmMTQ1NGNiOTY4OWUyZWUzNmI4MDQ4ZTFjYmEwNWJlNmQ1NDE5ODZiNzUyYWU3NzdmMmJkM2IyNTk5ZGQ4YmYyZDBmNjBkYmE5N2VmYjVjN2ExOWQ3OGYxNzJkYTlmYTEwMjIzMGVlM2E2ZDA1YjFjMzYxNDQwMDMwOTU2YzliN2JmYTgyMzdmNzdmZGUwMDM1MjYzMzZlYmM0NjI1ZDRiN2U5ODNiZDc0ZTA0NDRhZTZmY2JmZWEwOTMwNjYxYjlmZTA1YjFkOGQyZTc5N2IzYWRhNDRiYWIxNjIwYWFmMmMyOTc0MjQzMDM4YjM1MzY1MTA0YzcwMmQ5ZTI4OTYyNmJmOTI3ZmE4NmVmM2VhNzM0OGRlY2ZiYzIyOTllOTYxNTU1YzA2YzJjMThjYjEzMzgyZDcyYTQwNzVjNWIwNzA0NTQ3MjJhMzhhZjU0NTg1OTA3NTY5NDY0OTc3YjRiMGNiZTJlYzhiYmQ0YmZlMzRjNTFiNTA4Mzc3MGY1ZjAzOGM1NmFiNTU4MGYzMTY1NzFlZDQyNzg4MGFmNTJlY2NhOTJjYmNlZjMyNjY3MzdhODk3MWQyNGI4ZDI5ZTU2NTMwYTAxOWNjNDJhYTA4ODhmMzU0YzkzMGMyYzE5MzEzMzYwNGY3MDZhNzdiNTAyZTRiNzMyMjU0NTdhNzNhNTcwMDhlMDgzNDQyODU0NmNlOGYxYmM0OTU5MTQ3OTYzMWUzYmU4OWQwZDA4ZWMxMmYzYzQ1NTgwNGRmMWRiYzA0NGZkYzM2MzA4MjAyYjIwNjA5MmE4NjQ4ODZmNzBkMDEwNzAxMzAxMTA2MDUyYjBlMDMwMjA3MDQwODEzMWQyMDk2Y2ZkNWZkZGU4MDgyMDI5MGM1MWFlMDc2N2UyZGE2YTg3YTYxNmFmZTU1NTI4MDhlNzdiOGY3N2Q1MTg2MDU1OWFkYjQwMWFmMDUzZDIyN2EyOTJhMTU2MzVjYWEwNTA0NjRmOThlYjE1ZjY4ZTkzYWRkM2JkNDI3YWFlMmI2YTMyOTk4NDMyODI1ODUxMzE2OTg1MWM5YjI4ZmUyOGQ1MjcxNzhmMjc4OGRkNGQwYzFhYTc1YjFmZDViZWEzMTdhOWI0MTQ0ZWNjODdjZGFjNDUyNTZmZjVkYjVhODJhMThjZjMyMGM2M2MxOTFiMzUxYjcyNDIzMjRlYWI4YTY0MjdjNDE1MzMwM2ZlMjU4ZjQ4NzMwYTdlMTAwYjczZWUwODJmODFiNzViMjNkMjc1ZWNiZWE3MzBmN2Y4YjI3MTNmNzhkMmJmNTZlZjE2YmNjMzhkMjNiNjg0MDk1ZDIwMzM3MDNhMGRlNmQ5NjIyODNjNzQ2NTNkNGZjZjk0YzQyY2NmOTY1NzMxMDVhNGM0ZWM0MTI3NGUxZjBjYWRkMDM1OTRlM2Q4MmJhMjY2YTY2YTAzOTZmMjI4NzkwYzEwMzZjYzk2ODE5ZTI2ZWJkNzAzMGFjYWFmZGI2MDhlNzg1MmI1M2QxY2U1YmI0YWYyYWE3MDU5MjYwYWM4ODdlOTk5MjIxYTMyOTFlNGRkZDFjNjM5NzhiMGYwMzllZTA5ZTZkNTYzZTQzY2I1N2E5M2Q4OWYyZWY4NzE2ZWQ2Yzg2N2Y4MGU4OTdhYjE2NDI2OTQ3ZWJhZTliNTYyMDg2MDc2NGMxMjcwZDkyZTJjMzA3ZmNiMTJiZWYyOGJlNWI3MWJhMTg3N2NmMTE4YjI4MTZlMDIwMTk0NGZmZjk2NDQ5NTEzN2I5Mjg2NDg0MzJiZDQ4NWUxOWE0N2Y2MjcyYjkwZTFjNDI3ZTJhNTE3MTMwZmE3ZTYxMzU1YWY4OWYyZTc4ODg5ZGQ3MWFiNTUwYmQyOTUxODUxZmM2MDAwNTZiNGQ5MTQ1OThhN2QyMWY2YjM0NmZjMjA1NzM5MDY1Y2JjMjg3NjcwNjc4Mzk1ZWNiZTgxMzBkY2ZiZWJlYWE2ZjU1NDAxMmFjMzE5NmQ2MGFjZTkzNjhhOTBhMDdjYmVlMDZjNGM1MzE2MDhjMTliNmU3NTU4NTkxMzY0ODRkZDY4OGI3NGZmZjc5ZDc5MTg0YzA1M2U4NWEyYThmODQwMGU2Mjc2ZTNkOWIzMDljOTk4MmQ5MTNjNzliNWMxNWJlNDg2NmRhMTY1MDFlMzMzYmJiN2FkZjQ0ZjI4OGE3NmYzZDIzNjFmZTQwZTEwZTA4MTI2NWVjOTdjZTU3MmRhMTA1ZjUwNjE1MmVmOTVhNWQ2MjYwYWI2Mjk1ZThhOTM0NGQ0ZTU0ZDdkNDI4ODY2MmY5ODA1ZThjMjRhMTU0MmI2NGJjNDRkNGMxMjY3ZTIzY2Y1NDMxOWZjNDU1NzllYTkzYTM5NTEyNmExMzA0NmJiYTk0M2UxNTE5NzM3NTYyYjUzZTQ2ZDNjM2MyNjIwODhkYWFlODAyNzNhMTFiMTdhMzA0ZWU2NDhhNzc3NDUxZTdiNGMxZmFkNWY5OGU1MjdlNmI0N2ZjNmIzZDkwYTkzNjMzZjY1ZDE4MTM4ODZhMWExMTFjNTViYmIxNTM4MWEwODQxMjk1YjkyMTllNDIwZmUyYzA0MzFmMzY0NWFjMWVhNGEzNzAxOThiNDc0YWRjYjdjZWIyNWMyZDNlMzhhMDgyMDMxYzMwODIwMzE4MzA4MjAyMDBhMDAzMDIwMTAyMDIxMTAwYjYxZWQwMjQ0NDZmZmRiMTMwMGFjOGZmM2Y2ZjMxNmUzMDBkMDYwOTJhODY0ODg2ZjcwZDAxMDEwYjA1MDAzMDJjMzExNDMwMTIwNjAzNTUwNDBhMTMwYjczNjM2NTcwMmQ2MzZjNjk2NTZlNzQzMTE0MzAxMjA2MDM1NTA0MDMxMzBiNTM0MzQ1NTAyMDUzNDk0NzRlNDU1MjMwMWUxNzBkMzIzNTMwMzEzMjMyMzEzODM0MzkzMjMyNWExNzBkMzIzNTMwMzEzMjMyMzEzOTM0MzkzMjMyNWEzMDJjMzExNDMwMTIwNjAzNTUwNDBhMTMwYjczNjM2NTcwMmQ2MzZjNjk2NTZlNzQzMTE0MzAxMjA2MDM1NTA0MDMxMzBiNTM0MzQ1NTAyMDUzNDk0NzRlNDU1MjMwODIwMTIyMzAwZDA2MDkyYTg2NDg4NmY3MGQwMTAxMDEwNTAwMDM4MjAxMGYwMDMwODIwMTBhMDI4MjAxMDEwMGI3ODZhM2U2MGI4Yjc1NDhiOWY0NGZkNWVkZTYyNzZmNjRhNmY0NzI3M2JkMTg3ZmU2ZWI1Y2I0MjdmMGY5MjU5Mzc0YmNhOWM3ODk5ZDQwNDI5OTkzOWIxMjM2N2E2NDdkYWM5NzBmYzNmN2U5NTAzMTRhZDc2M2E4NmY5OGQ4MGJmZGYyN2FjODNhOTMyZDlkNzY3NTNiMGJkODQ4NTlmOWQ5MTE2OGIzYzQxMWFhNTI2Yjg1ZTQ5ZTc3OWVhNmJkYTA4NWY1MzYzOGQ1Njg0YTY3MjcwNDQyMDVmZTkwMWFiMmQxNDQ4MDQxNGQyYTFiNjFlYWQ2NmRmOWNhODVkY2Y4MDIzMDhkZTdiZDRiN2UwZmVmMGUwZTEwNGFjY2FkYWIwOGZjNGRiMzQwZmQ2NWExNGY2N2M0Yzc5ZWI4N2ZiNjkwZmU0MDM4OGVkNzVlOTJmMmI1NjZmMTAzM2Q5NDYzYTdkMDAyNGUwZjMxMzAzNDA1MDM5OGJmNmI0MTk1YzRlYjkxZjg4NDBlZTgwYjQwZjMwZmUxMThkM2JiZmExNjZiYTQ3YzI4OWMyYTgyZjIyNmJmZWJkMWFhOTliMTJiZGJjMDQ3NGQwMzg3YTZiNmVjMWQ4OGJkNzg2ZTJkM2I5ZDIyMTAxMmIwMmE5NTdlYjFmNjFiNWRjODliMDIwMzAxMDAwMWEzMzUzMDMzMzAwZTA2MDM1NTFkMGYwMTAxZmYwNDA0MDMwMjA1YTAzMDEzMDYwMzU1MWQyNTA0MGMzMDBhMDYwODJiMDYwMTA1MDUwNzAzMDEzMDBjMDYwMzU1MWQxMzAxMDFmZjA0MDIzMDAwMzAwZDA2MDkyYTg2NDg4NmY3MGQwMTAxMGIwNTAwMDM4MjAxMDEwMDM4YWNjN2U2YmVmYTI2M2Y5OTFmMGFhNzUzYTNhNTZiZTVmMGYyZDU5MmE3YWRkMzNkOWRjNjYwNjQ1NmEwMzRlNGQxNGMxM2M5MGZiNjFmMTRkNjM0MGZkN2JlZjIxMTc3N2E5OTQzZTQ2NzM0NzdmZjkxZDM1ODk4YzRjNjU4M2E3ZDNmY2QxMGE2Mzc3YzZkYmFjN2MxYmZlNTEwNzgyZGQ2NWIyY2EwZWRkMmEzZWY1ZjVhNWY5N2M5YzE0NzA4YTVhZjU0OTdiYTdhOTc1NjEwZjI4MmU5YzQwZTcyNTI5ZDlkNDI0ZGFkM2FiMzI4ZWNmYzg4ZTBmOWIxNmMxY2RjMmM3YzI2OTZhMGNjYmYyMDE2NDZiYWY5NDJhMWVhODQzN2ZhODUwNTM4OGJiZTA0MmQ0YjdhNTI0MTk5MTc3YTYzNTk0MDMwMjg5NTY1OGNlNjNhYzM5ZTRkOTQ3MDMwZDg0MmVhZmU3MGZhMWNmNjk0NmVlYzg5MzcxMjZhNzBkMjBhOTdjMDYwZDM1MmQxNDAyY2JjY2U3NzI3MWUwMWU2ZWZkZDg5M2JmYWY3N2M1ZDUwMzhkYzM0ZGMyZWRkNzliYWViNzI2OTlkNzNiM2Y0YTgzYWNiMDk4MWNmOWM4NzBlMjAzNzFiMzYxZWVkNjNhMGI0MzU0MmRiMzE4MjAyMjgzMDgyMDIyNDAyMDEwMTMwNDEzMDJjMzExNDMwMTIwNjAzNTUwNDBhMTMwYjczNjM2NTcwMmQ2MzZjNjk2NTZlNzQzMTE0MzAxMjA2MDM1NTA0MDMxMzBiNTM0MzQ1NTAyMDUzNDk0NzRlNDU1MjAyMTEwMGI2MWVkMDI0NDQ2ZmZkYjEzMDBhYzhmZjNmNmYzMTZlMzAwNzA2MDUyYjBlMDMwMjFhYTA4MWMxMzAxMjA2MGE2MDg2NDgwMTg2Zjg0NTAxMDkwMjMxMDQxMzAyMzEzOTMwMTgwNjA5MmE4NjQ4ODZmNzBkMDEwOTAzMzEwYjA2MDkyYTg2NDg4NmY3MGQwMTA3MDEzMDFjMDYwOTJhODY0ODg2ZjcwZDAxMDkwNTMxMGYxNzBkMzIzNTMwMzEzMjMyMzEzODM1MzIzMzM1NWEzMDIwMDYwYTYwODY0ODAxODZmODQ1MDEwOTA1MzExMjA0MTAwN2JlZDNmZjZlNmZlNGNmMzFhNzMxZjFiZGU5NmIxNDMwMjMwNjA5MmE4NjQ4ODZmNzBkMDEwOTA0MzExNjA0MTQ0YjZmMDBiNGQwMDQwM2YxMDc5NGNkMzdiNDNjZTM0OTU4YzAwMjc0MzAyYzA2MGE2MDg2NDgwMTg2Zjg0NTAxMDkwNzMxMWUxMzFjMzI1MzM0NzE0YTQ0NmIzMTQyNTI1MDdhMzQzMTJiNzk3MjQ2NGY2ZjZjNzA0ODc5Nzg0MTY3M2QzMDBiMDYwOTJhODY0ODg2ZjcwZDAxMDEwNTA0ODIwMTAwMTA3MWFkODNiMzUyN2NjNjJlN2QwZTJkODE0MTVjODMxNjg0M2VjYzUzYzFmMjBkMDE5MmQ1N2M4NmZlZjQwOWUyMDAzMTdiMTZlZGFhNGY1MmU0NjQ0Mjc4MjZlY2FlY2I3ODhjN2IyNDk3MmQ2MmI0ZWFmODMzZjJiOWRmMTNhMDRlMjA1MzM1N2RiMzdiNzZlOTg3NjQzODYzMjlmNzdjY2ViNzg1Y2NiODU1YzQwMjM3OTRhYWUxMWJhNmY2NzYzODY4NWY3OWJkMTkzYjBiMGQ2MjA0MDQzNmI1NDBkYWZlYTgzMmJjMWJjZTExOWY2ODcyNDYyMDI0OTRkNWFjNjZlNmQwYzFlOTBlN2MxODA2NGY4ZDI2YTcwNmFhODMxNmE1N2U5YjQwMWYxYzdiMzU4Y2Y1ZDM1NDBmY2I5YmMxMzhhMmYyZDg1YmVjNTI1YjZlMjI4MzBkMjhkMmYxZGM0YTQzNmZhNTE4MDVmOTkyMGY5ZGY2ZWIyMGY3NTBhN2JiMzNlNzFhNmE0NzE1ZDJmMGFmY2M5ZWYwZmY4NzQ0ZmRjNGQ3ZjRiNjFjZTNmMDlhZWY3NjQ3MDE4ZTE3NjM4ZTUyODI0YzkzZWYzMmQ0NDg0MzI0YTNkNjI5ZmFlNGM4NDBiYjk0N2EzMjVlM2U1YmEzMmRiODgzZWI= |
|
The message looks OK. I checked it out, but I forgot that the actual CSR that should contain the challenge is embedded in the message, and is not readily available for inspection. Is it an option for you to compile your own |
|
Thanks for checking. Let me try and will let you know. |
Great 🙂 The minimal change to debug the CSR is something like this: hslatman#1. |
Hello, trying to test the SCEP client with EJBCA-CE however getting no password was sent with the request.
➜ scepclient-windows-amd64-v2.2.0 ✗ .\scepclient-windows-amd64.exe -cn "test-LAP-7344-EJBCA" -challenge "test" -cacert-message "default" -debug -server-url "http://10.68.30.33:8080/ejbca/publicweb/apply/scep/portal/pkiclient.exe" -private-key ./nn.key
level=info ts=2025-01-22T18:59:17.5236031Z op=GetCACert error=null took=11.2827ms
level=debug ts=2025-01-22T18:59:17.5236031Z msg=cacertlist count=1
level=debug ts=2025-01-22T18:59:17.5236031Z msg=cacertlist number=0 rdn="CN=test Issuing CA - G3" hash_type=SHA-256 hash=234fbf1862db313606c56e23b0989332ae7504418c5b257e0448fda869be7555
level=debug ts=2025-01-22T18:59:17.5241062Z msg="creating SCEP CSR request" transaction_id="2S4qJDk1BRPz41+yrFOolpHyxAg=" signer_cn="SCEP SIGNER"
level=info ts=2025-01-22T18:59:17.5296515Z op=GetCACaps error=null took=4.5185ms
level=info ts=2025-01-22T18:59:17.5446602Z op=PKIOperation error="http request failed with status 400 Bad Request, msg: <title>Error</title>No password in request." took=15.0087ms
PKIOperation for PKCSReq (19): http request failed with status 400 Bad Request, msg: <title>Error</title>No password in request.
The text was updated successfully, but these errors were encountered: