SCEP Server Error : "failed to sign CSR"

[vijay11tiwari]

Not able to sign the client CSR certificate.

server side error.

{"caller":"scep.go:278","level":"debug","msg":"parsed scep pkiMessage","scep_message_type":"PKCSReq (19)","transaction_id":"D6CA8D501DA6EBEB4C694DC6FD7CE1B2","ts":"2024-06-10T19:32:24.8241114Z"} {"caller":"scep.go:355","has_challenge":true,"level":"debug","msg":"decrypt pkiEnvelope","ts":"2024-06-10T19:32:24.8254487Z"} {"caller":"service.go:88","err":"open depot\serial: The file exists.","msg":"failed to sign CSR","ts":"2024-06-10T19:32:24.8453609Z"}

SCEP client side error.

pkistatus: FAILURE finding attribute failInfo [int get_signed_attribute(struct stack_st_X509_ATTRIBUTE *, int, int, char *):1231] ASN1 Type: found 19 given 19 allocating 1 bytes for attribute [int pkcs7_unwrap(scepTransactionT ):1022] reason: Transaction not permitted or supported finding attribute failInfoText ASN.1 type not found rc(1) failInfoText is NULL pkcs7_unwrap fails with error = 1 enroll Sscep library call for enroll setup is failed.

[jessepeterson]

Which client is this? Does this work with the as-shipped scepclient? Thanks!

[vijay11tiwari]

No, it is not a micromdm scep client. we have our client and it is running fine with Microsoft and cisco scep sever. we are testing micromdm scep server and it is failing for us.

[korylprince]

MIght be worth trying mysqlscepserver over using the default file store. Seems like you might be having issues with the file store.