JSCEP client against NDES for PKIOperation is giving 404 error.

[RAMANATH PAI]

It is very urgent, appreciate if someone could help me on this.

We are getting following error for PKIOperation while doing enrollment.

W/System.err(30423): org.jscep.transaction.

TransactionException: org.jscep.transport.TransportException: 404 Not Found

W/System.err(30423):     at org.jscep.transaction.Transaction.send(Transaction.java:101)

W/System.err(30423):     at org.jscep.transaction.EnrollmentTransaction.send(EnrollmentTransaction.java:116)

W/System.err(30423):     at org.jscep.client.Client.send(Client.java:711)

W/System.err(30423):     at org.jscep.client.Client.enrol(Client.java:666)

W/System.err(30423):     at org.jscep.client.Client.enrol(Client.java:609)



Client : Android JSCEP, Spongy castle.
Server: NDES SCEP Add on.

I/System.out(30423): ************* Receipient Certificate Details ************

I/System.out(30423): C=IN,CN=IRMS-MSCEP-RA / 94120097545518210613253 / DC=com,DC=home,CN=home-IRMS-CA


I/System.out(30423): ************* Signer Certificate Details - used ************

I/System.out(30423): C=IN,CN=IRMS-MSCEP-RA / 94119961593104459366404 / DC=com,DC=home,CN=home-IRMS-CA

I/System.out(30423): truefalsefalsefalsefalsefalsefalsefalsefalse

I/System.out(30423): ************* Issuer Certificate Details ************

I/System.out(30423): DC=com,DC=home,CN=home-IRMS-CA / 127230722359701975986910201530482352175 / DC=com,DC=home,CN=home-Server-CA

We have used Receipient certificate for creating envelope. and I assume that is only certificate will be used as far as sending request is concerned.

Regards,
RAM

[David Grant]

Hi Ram,

Which version of jscep are you using?

Dave

--
 
---
You received this message because you are subscribed to the Google Groups "jscep Support" group.
To unsubscribe from this group and stop receiving emails from it, send an email to jscep-suppor...@googlegroups.com.
For more options, visit https://groups.google.com/groups/opt_out.

[David Grant]

Hi Ram,

Are you using a profile as the last argument in enrol?

Dave

On 29 November 2013 07:28, RAMANATH PAI <pai.ra...@gmail.com> wrote:

It is very urgent, appreciate if someone could help me on this.

We are getting following error for PKIOperation while doing enrollment.

W/System.err(30423): org.jscep.transaction.TransactionException: org.jscep.transport.TransportException: 404 Not Found

W/System.err(30423):     at org.jscep.transaction.Transaction.send(Transaction.java:101)

W/System.err(30423):     at org.jscep.transaction.EnrollmentTransaction.send(EnrollmentTransaction.java:116)

W/System.err(30423):     at org.jscep.client.Client.send(Client.java:711)

W/System.err(30423):     at org.jscep.client.Client.enrol(Client.java:666)

W/System.err(30423):     at org.jscep.client.Client.enrol(Client.java:609)



Client : Android JSCEP, Spongy castle.
Server: NDES SCEP Add on.

I/System.out(30423): ************* Receipient Certificate Details ************

I/System.out(30423): C=IN,CN=IRMS-MSCEP-RA / 94120097545518210613253 / DC=com,DC=home,CN=home-IRMS-CA


I/System.out(30423): ************* Signer Certificate Details - used ************

I/System.out(30423): C=IN,CN=IRMS-MSCEP-RA / 94119961593104459366404 / DC=com,DC=home,CN=home-IRMS-CA

I/System.out(30423): truefalsefalsefalsefalsefalsefalsefalsefalse

I/System.out(30423): ************* Issuer Certificate Details ************

I/System.out(30423): DC=com,DC=home,CN=home-IRMS-CA / 127230722359701975986910201530482352175 / DC=com,DC=home,CN=home-Server-CA

We have used Receipient certificate for creating envelope. and I assume that is only certificate will be used as far as sending request is concerned.

Regards,
RAM

[RAMANATH PAI]

Hi Dave,

Sorry for the late response.
I am using JSCEP 2.0.2.
I am using Profile=PublicCA

Thanks for any help.

[RAMANATH PAI]

Hi Dave,

I didn't know what to use in profile argument.
Earlier I was not using anything means null, but later gave "PublicCA" as that was present in JSCEP usage guide.

[David Grant]

Do you call any other operations on the client?

Dave

--

[RAMANATH PAI]

 I call GetCACert, GetCACaps and PKIOperation.

 Basically the 404 not found error is coming in Operation=PKIOperation is coming.

Regards,
Ramanath Pai

[David Grant]

In that case, I would definitely double check that you're using the right profile.  GetCACert and GetCACaps don't use a profile name, but enrol does.  If you get it wrong, NDES will give you a 404.

Dave

[RAMANATH PAI]

Hi Dave,

 GetCACert and GetCACaps request are giving responses.
 But enroll is giving 404. How will I ensure the Profile name that I am using is correct?

Client side:
W/System.err(30423): org.jscep.transaction.TransactionException: org.jscep.transport.

TransportException: 404 Not Found

Server side:
There is event viewer log (Event Id: 17) error code is present.

Regards,
Ramanath Pai

[Ryan Schipper]

Hi Ramanathg,

If I recall correctly, the profile name is the name of your CA (entered in the CN box when you installed NDES).

- Ryan

[RAMANATH PAI]

11:33 (8 minutes ago)

Hi Ryan,

           Thanks for that response. 2 queries:
            1) So Do i need to send this Profile Name (CN of CA certificate) in all the operation(GetCACert, GetCACaps and PKIOperation) or just PKIOperation -enroll operation.?
            2) Also in which variable I need to send this profile name?  message=<Profile Name> is this correct?

[RAMANATH PAI]

Hi Guys,

I am able to move forward. 404 error is gone.
However, Now I am getting response but there is no signed certificate. It gives no certificate and Transaction ID mismatch.

Any clue?

[Tùng Chocolove]

Hi Ram,

I am stucked with this 404 too, I 've searched around for days but still didn't know how to fix this. Could you please tell me?

My log:

Exception in thread "main" org.jscep.client.ClientException: org.jscep.transport.TransportException: 404 Not Found

at org.jscep.client.Client.getCaCertificate(Client.java:278)

at org.jscep.client.Client.getEncoder(Client.java:694)

at org.jscep.client.Client.enrol(Client.java:619)

at org.jscep.client.Client.enrol(Client.java:577)

at com.seasol.jscep.example.KeyStoreExampleClientTest.main(KeyStoreExampleClientTest.java:112)

Caused by: org.jscep.transport.TransportException: 404 Not Found

at org.jscep.transport.UrlConnectionGetTransport.sendRequest(UrlConnectionGetTransport.java:61)

at org.jscep.client.Client.getCaCertificate(Client.java:276)

... 4 more

[David Grant]

Have you checked you're using the correct profile name?  Is the profile name you're passing in the following method the same as you're using in NDES:

public CertStore getCaCertificate(final String profile) throws ClientException

Dave

--

[Ramanath Pai]

Hi Tung,

As mentioned by David, you need to supply profile name in the message parameter of the request.

Regards
Ramanath Pai

--
 
---
You received this message because you are subscribed to a topic in the Google Groups "jscep Support" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/jscep-support/4NJ4ExJ01mY/unsubscribe.
To unsubscribe from this group and all of its topics, send an email to jscep-suppor...@googlegroups.com.

[David Grant]

Hi Ramanath,

Did you fix your other problem?

Dave

--
 
---

You received this message because you are subscribed to the Google Groups "jscep Support" group.

To unsubscribe from this group and stop receiving emails from it, send an email to jscep-suppor...@googlegroups.com.

[Ramanath Pai]

Hi David,

I had informed you about this.
Line 108: getKeyTransRecipient()
if ("1.3.14.3.2.7".equals(contentEncryptionAlgorithm.getAlgorithm().getId())) {

My flow was going into this and was giving "couldn't create DES cipher".. Hence moved the flow to else block and it worked.

You told that this was fix that was added initially.

Regards
Ramanath Pai

[David Grant]

So you did - thanks for reminding me!

[Tùng Chocolove]

Hi,

Thank you guys for your quick answer, I passed the profile name as the last parameter then problem has been resolved. 

Regards,

Tung.

Vào 15:00:25 UTC+7 Thứ sáu, ngày 17 tháng một năm 2014, RAMANATH PAI đã viết: