> Cisco routers use the CEP protocol to enroll certificates.
> They can only request certificates from CA servers which support
> CEP. I do not know how you made the Cisco router save the certificate request
> in this attached file. How did you get it?
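
By pointing it to an HTTP server which has the following CGI script:

#!/usr/local/bin/tcl
# Handles the GetCACert and PKIOperation requests sent by the router.

set cgi_bin "/usr/local/apache/cgi-bin"
set ssl "/usr/local/ssl"

# get_cgi_args (from cgi-args.tcl) is expected to fill the global array cgi_args.
source $cgi_bin/cgi-args.tcl
get_cgi_args
global cgi_args

#if {[info exists env(REMOTE_HOST)]} {
#    set remhost $env(REMOTE_HOST)
#} else {
#    set remhost $env(REMOTE_ADDR)
#}

switch $cgi_args(operation) {
    GetCACert {
        # "message" names the CA; it is taken from the request as-is and
        # used as a directory under $ssl.
        if {![file isfile $ssl/$cgi_args(message)/cacert.der]} {
            exit 1
        }
        puts "Content-type: application/x-x509-ca-cert"
        puts ""
        # exec returns the command's output instead of printing it, so
        # redirect it to stdout; flush first so the headers go out first.
        flush stdout
        exec cat $ssl/$cgi_args(message)/cacert.der >@ stdout
    }
    PKIOperation {
        # set r "/tmp/cert_req_[pid].pem"
        # set f [open "|$ssl/bin/base64 -d |$ssl/bin/req -inform der -text > $r" w]
        # Decode the base64 request and save it for inspection.
        set r "/tmp/cert_req.[pid]"
        set f [open "|$ssl/bin/base64 -d > $r" w]
        puts $f $cgi_args(message)
        close $f
    }
}

exit 0
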
Hopefully at some point the script and openssl will have enough functionality
to make the Cisco router happy.
-- John
-------------------------------------------------------------------------
| Feith Systems | Voice: 1-215-646-8000 | Email: [EMAIL PROTECTED] |
| John Wehle | Fax: 1-215-540-5495 | |
-------------------------------------------------------------------------
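
The script above builds a file path from the request's message parameter and writes the decoded request to a PID-based name in /tmp. As an added example (not part of the original post), here are the same two steps with the CA name validated, the base64 decoded in-process, and the output written to a file created by `file tempfile`. The proc names, the 64-character name limit and the size cap are assumptions, and it needs Tcl 8.6 or later.

```tcl
#!/usr/bin/env tclsh
# Added example, not the poster's script. Assumes Tcl 8.6 or later.

# Accept only a plain directory name for the CA: no "/", no "..", not empty.
proc valid_ca_name {name} {
    return [regexp {^[A-Za-z0-9_-]{1,64}$} $name]
}

# Path of the CA certificate, or "" if the name is rejected or no file exists.
proc ca_cert_path {ssl_root name} {
    if {![valid_ca_name $name]} { return "" }
    set path [file join $ssl_root $name cacert.der]
    if {[file isfile $path]} { return $path }
    return ""
}

# Decode a base64 PKIOperation message in-process and store the DER bytes in
# a newly created temp file. Returns the file name; raises an error on bad input.
proc save_pki_message {b64 {max_chars 131072}} {
    if {[string length $b64] > $max_chars} { error "message too large" }
    regsub -all {\s+} $b64 "" clean          ;# line breaks are legal in base64
    set der [binary decode base64 -strict $clean]
    # A DER-encoded request starts with a SEQUENCE tag (0x30).
    if {![binary scan $der cu tag] || $tag != 0x30} {
        error "message is not a DER SEQUENCE"
    }
    # file tempfile creates the file itself and picks an unpredictable name.
    set f [file tempfile name /tmp/cert_req_]
    fconfigure $f -translation binary
    puts -nonewline $f $der
    close $f
    return $name
}

# Constructed sample input: a 5-byte DER SEQUENCE, base64-encoded.
set sample [binary encode base64 "\x30\x03\x02\x01\x00"]
foreach ca {myca ../../etc {}} {
    puts "CA name \"$ca\": [expr {[valid_ca_name $ca] ? "accepted" : "rejected"}]"
}
set saved [save_pki_message $sample]
puts "stored [file size $saved] bytes in $saved"
file delete $saved
```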