Hello, I have encountered the following problems when using openssl: When I use the OpenSSL cmp to simulate a client to apply for a certificate, this error is reported. What should I do? When you use the OpenSSL cmp to simulate a client to apply for a certificate, what files need to be configured? CMP INFO: using OpenSSL configuration file '/opt/openssl/../openssl-1.1.0j/openssl.cnf' CMP INFO: no [cmp] section found in config file '/opt/openssl/../openssl-1.1.0j/openssl.cnf'; will thus use just [default] and unnamed section if present CMP INFO: sending ir 140327457654592:error:27076072:OCSP routines:parse_http_line1:server response error:crypto/ocsp/ocsp_ht.c:260:Code=404 140327457654592:error:390B1091:CMP routines:OSSL_CMP_MSG_http_perform:failed to receive pkimessage:crypto/cmp/cmp_http.c:516: 140327457654592:error:390A1098:CMP routines:OSSL_CMP_exec_IR_ses:ip not received:crypto/cmp/cmp_ses.c:199:

mpeylo / cmpossl

An OpenSSL-based implementation of the Certificate Management Protocol (CMP), defined in IETF RFCs 4210, 4211, and 6712. It is being extended according to the emerging RFCs 'CMP Updates' (CMPv3), 'CMP Algorithms', and 'Lightweight CMP Profile'.

https://github.com/mpeylo/cmpossl/wiki

Other

35 stars 13 forks source link

Hello, I have encountered the following problems when using openssl: When I use the OpenSSL cmp to simulate a client to apply for a certificate, this error is reported. What should I do? When you use the OpenSSL cmp to simulate a client to apply for a certificate, what files need to be configured? CMP INFO: using OpenSSL configuration file '/opt/openssl/../openssl-1.1.0j/openssl.cnf' CMP INFO: no [cmp] section found in config file '/opt/openssl/../openssl-1.1.0j/openssl.cnf'; will thus use just [default] and unnamed section if present CMP INFO: sending ir 140327457654592:error:27076072:OCSP routines:parse_http_line1:server response error:crypto/ocsp/ocsp_ht.c:260:Code=404 140327457654592:error:390B1091:CMP routines:OSSL_CMP_MSG_http_perform:failed to receive pkimessage:crypto/cmp/cmp_http.c:516: 140327457654592:error:390A1098:CMP routines:OSSL_CMP_exec_IR_ses:ip not received:crypto/cmp/cmp_ses.c:199: #192

Closed gezhouyu closed 5 years ago

gezhouyu commented 5 years ago

Hello, I have encountered the following problems when using openssl:

When I use the OpenSSL cmp to simulate a client to apply for a certificate, this error is reported. What should I do? When you use the OpenSSL cmp to simulate a client to apply for a certificate, what files need to be configured? CMP INFO: using OpenSSL configuration file '/opt/openssl/../openssl-1.1.0j/openssl.cnf' CMP INFO: no [cmp] section found in config file '/opt/openssl/../openssl-1.1.0j/openssl.cnf'; will thus use just [default] and unnamed section if present CMP INFO: sending ir 140327457654592:error:27076072:OCSP routines:parse_http_line1:server response error:crypto/ocsp/ocsp_ht.c:260:Code=404 140327457654592:error:390B1091:CMP routines:OSSL_CMP_MSG_http_perform:failed to receive pkimessage:crypto/cmp/cmp_http.c:516: 140327457654592:error:390A1098:CMP routines:OSSL_CMP_exec_IR_ses:ip not received:crypto/cmp/cmp_ses.c:199:

mpeylo commented 5 years ago

Your CMP server returned an HTTP 404 code. That means that you either configured the wrong server parameters (host, port, path) in the client or you misconfigured the server.

I recommend that you use Wireshark to see where you actually send the CMP/HTTP request to, and then verify that it is the same you configured.

The client has an extensive --help section, and you will find a man page either installed (depending how you built/installed) or in a file called cmp.pod in the source code.

gezhouyu commented 5 years ago

How to set Content-Type when the cmp client sends a request whose Content-Type is application/pkixcmp in HttpRequester?