> CMS Verification failure > > failed to verify pkcs7 signed data > > pkinit_as_rep_parse returning -1765328320 (Invalid signature) > > pkinit_as_rep_parse returned -1765328320 (Invalid signature) > > pkinit_client_process: returning -1765328320 (Invalid signature) >
To close this thread, this invalid signature error on the client-side was due to mismatched X.509 certificates being fed to the KDC configuration file in "pkinit_identity". Ensuring that they were the right private key/public key pair fixed the problem. Of course, the KDC logs didn't mention any errors during or after startup about this configuration error, but that's another issue ;) . Cheers, Siddharth ________________________________________________ Kerberos mailing list Kerberos@mit.edu https://mailman.mit.edu/mailman/listinfo/kerberos
