Hi guys,
We’re trying to get the SCEP client working with a Microsot CA server. In the past few days, I read as much articles as I could, I tried to downgrade to previous versions, etc. but still we are receiving the following error:
07:37:41 certificate,debug,packet status: failure (2)
07:37:41 certificate,debug,packet fail: badRequest (2)
07:37:41 certificate,debug,packet transaction: 4a540f84f55cc69643376e80878897cad8cdb6824ba433b18668ca8a72f35e5e
07:37:41 certificate,debug,packet sender nonce: 0a46fc67c9e84645a7d3628e62836b8e
07:37:41 certificate,debug,packet recipient nonce: de1a71586965c32da35e75cbd7b1030b
07:37:41 certificate,debug request failed: badRequest
07:37:41 certificate,error scep client failure: requesting-certificate-failed
The full log is attached.
The configuration that I used is as follows:
/certificate add name=template common-name=template
/certificate add-scep challenge-password=3892AF044159AA706D931BBA7DA78AC1 name=SCEP template=template scep-url=10.11.14.150/certsrv/mscep/mscep.dll
First, we tried with a dynamic Challenge Password, now it’s fixed static. Still, the server log says “The password is expired or already used”.
Has anyone done this before? Could you point out where are our mistakes?
P.S. I’m using a Mikrotik 951 with the latest 6.38 version.
Thanks in advance,
Dimitar
MT_SCEP_log.txt (24.8 KB)