Enrolling a certificate using an ECC key

I created all the CSR, .key and .pem files using an ECC key of size 256, and I am getting the following error while trying to enroll:

./sscep enroll -u http://192.168.1.157/certsrv/mscep/mscep.dll -k private.key -r enroll.csr -l client.crt -c ca.pem-0 -e ca.pem-1 -O MyClient1.pem -K MyClient1.key -v
./sscep: starting sscep, version 0.6.1
./sscep: new transaction
./sscep: transaction id: D41D8CD98F00B204E9800998ECF8427E
./sscep: hostname: 192.168.1.157
./sscep: directory: certsrv/mscep/mscep.dll
./sscep: port: 80
./sscep: Read request with transaction id: 20E9B0F702CF51A8D7650CF1A7229CA5
./sscep: SCEP_OPERATION_ENROLL
./sscep: sending certificate request
./sscep: creating inner PKCS#7
./sscep: inner PKCS#7 in mem BIO
./sscep: request data dump
----BEGIN CERTIFICATE REQUEST----
MIHmMIGOAgEAMA4xDDAKBgNVBAMTA3NyaTBWMBAGByqGSM49AgEGBSuBBAAKA0IA
BJgIOmdRvePpEp9wXDrfiR8t2Q/mgdg13G1daBB487w5yZ7KOiEB+Fu4Qzv2X1fW
P6IbrVRayhjYsiAnN+cpDK2gITAfBgkqhkiG9w0BCQcxEhMQNDNDMEVBNjU3RDEx
NjI0MjAKBggqhkjOPQQDAgNHADBEAiAA2pTl52EWKwl/jMqsHHJ8FxR/pL5C17oe
xyrNRAxl7QIgP3tSdIesv9lF+NaqReNGR67sBzuklciBEePezXfCuKk=
----END CERTIFICATE REQUEST----
./sscep: data payload size: 233 bytes
./sscep: successfully encrypted payload
./sscep: envelope size: 698 bytes
./sscep: creating outer PKCS#7
./sscep: error adding PKCS#7 signature
1073771664:error:21081093:PKCS7 routines:PKCS7_SIGNER_INFO_set:signing ctrl failure:pk7_lib.c:391:

I am not sure about the possible reason behind this error. I used the following commands to create the keys and certificates which I am using here.

./openssl ecparam -name secp256k1 -genkey -noout -out private.pem

./openssl ecparam -name secp256k1 -genkey -noout -out MyRootCA.key
./openssl req -x509 -new -nodes -key MyRootCA.key -sha256 -days 1024 -out MyRootCA.pem

./openssl ecparam -name secp256k1 -genkey -noout -out MyClient1.key
./openssl req -new -key MyClient1.key -out MyClient1.csr
./openssl x509 -req -in MyClient1.csr -CA MyRootCA.pem -CAkey MyRootCA.key -CAcreateserial -out MyClient1.pem -days 1024 -sha256
./openssl req -config scep.cnf -new -key private.pem -out enroll.csr

There are 1 best solutions below

BrnVrn On

From what I understand, you only used ECC keys to create your SCEP request, but ECC cannot be used in PKCS#7. You need RSA keys to encrypt your message.

See https://access.redhat.com/documentation/en-us/red_hat_certificate_system/9/html/administration_guide/enrolling_a_certificate_in_a_cisco_router#issuing-ecc-certificates-with-scep
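
A pre-flight check in line with the answer above, added here as an example and not part of the original post or of sscep: it reads the public-key algorithm out of a PKCS#10 request with a minimal DER walker (Python standard library only) and reports whether the key is RSA or EC. The function names are hypothetical; the sample input is the CSR from the question's sscep "request data dump".

```python
import base64

# Sample input: the CSR from the "request data dump" in the question's sscep log.
QUESTION_CSR = """-----BEGIN CERTIFICATE REQUEST-----
MIHmMIGOAgEAMA4xDDAKBgNVBAMTA3NyaTBWMBAGByqGSM49AgEGBSuBBAAKA0IA
BJgIOmdRvePpEp9wXDrfiR8t2Q/mgdg13G1daBB487w5yZ7KOiEB+Fu4Qzv2X1fW
P6IbrVRayhjYsiAnN+cpDK2gITAfBgkqhkiG9w0BCQcxEhMQNDNDMEVBNjU3RDEx
NjI0MjAKBggqhkjOPQQDAgNHADBEAiAA2pTl52EWKwl/jMqsHHJ8FxR/pL5C17oe
xyrNRAxl7QIgP3tSdIesv9lF+NaqReNGR67sBzuklciBEePezXfCuKk=
-----END CERTIFICATE REQUEST-----"""
NAMES = {"1.2.840.113549.1.1.1": "RSA", "1.2.840.10045.2.1": "EC",
         "1.3.132.0.10": "secp256k1", "1.2.840.10045.3.1.7": "prime256v1"}

def pem_to_der(pem):
    # Base64-decode the PEM body, ignoring the BEGIN/END lines.
    return base64.b64decode("".join(l.strip() for l in pem.splitlines() if not l.startswith("-")))

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:                       # long form: next n bytes hold the length
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER")
    return tag, pos, pos + length

def decode_oid(raw):
    """Decode DER OID content bytes to dotted-decimal text (first arc 0 or 1)."""
    arcs, value = [raw[0] // 40, raw[0] % 40], 0
    for byte in raw[1:]:
        value = (value << 7) | (byte & 0x7F)
        if byte < 0x80:                     # high bit clear: last byte of this arc
            arcs, value = arcs + [value], 0
    return ".".join(map(str, arcs))

def csr_key_type(der):
    """Return the names of the OIDs in the CSR's SubjectPublicKeyInfo algorithm."""
    pos = 0
    for step in (1, 1, 2, 2, 1):            # enter request, enter info, skip version, skip subject, enter SPKI
        pos = read_tlv(der, pos)[step]
    _, pos, alg_end = read_tlv(der, pos)    # AlgorithmIdentifier
    oids = []
    while pos < alg_end:                    # algorithm OID, then optional parameters
        tag, start, pos = read_tlv(der, pos)
        if tag == 0x06:                     # OBJECT IDENTIFIER
            oids.append(decode_oid(der[start:pos]))
    return tuple(NAMES.get(o, o) for o in oids)

def uses_rsa_key(der):
    return csr_key_type(der)[:1] == ("RSA",)
```

Running `csr_key_type(pem_to_der(...))` on enroll.csr before calling `sscep enroll` shows which key type the request carries, so an EC key is noticed before the enrollment fails.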