0

in a SCEP process I'm developing, the first step has to be this one (link)

1. CA Authentication

SCEP uses the CA certificate in order to secure the message exchange for the CSR. As a result, it is necessary to obtain a copy of the CA certificate. The GetCACert operation is used.

1.1 Request

The request is sent as a HTTP GET request. A packet capture for the request looks similar to this: GET

/cgi-bin/pkiclient.exe?operation=GetCACert

So, after sending the request I get back a ashx file which contains three X.509 certificates in some kind of binary data.

Response succeed

Success - The request is accepted and the signed certificate is included. The signed certificate is held within a special type of PKCS#7 called a "Degenerate Certificates-Only PKCS#7," which is a special container that can hold one or more X.509 or CRLs, but does not contain a signed or encrypted data payload.

Is there any way I can extract those three certificates using openssl? Because I'm not finding out how. I would like to extract them in a pem or der format. Thanks in advance

PS: I'm quite new with all these enviromments.

Noob_Number_1
  • 725
  • 5
  • 20
  • 1
    ASHX is just an ASP HTTP handler. It like saying, [*"I got a HTTP file"*](http://stackoverflow.com/q/5469491). You need to fully describe what you really have.... You might start with Microsoft's [Network Device Enrollment Service (NDES)](https://www.google.com/search?q=microsoft+ndes) documentation. – jww Dec 17 '15 at 09:32
  • Thanks for the links. I need to learn a lot of stuff :) – Noob_Number_1 Dec 18 '15 at 08:57

1 Answers1

0

So, a colleague found a solution.

The CA certificate is requested to an URL like these one:

http://myserver.com/MyIDSCEP/MyIDSCEP.ashx

and what gives you back is a file like this one

CERTIFICATES.ashx

Where are three certificates contained. If you execute this you can get them:

openssl pkcs7 -inform der -in test.der -print_certs

This my problem was solved. Thanks.

Noob_Number_1
  • 725
  • 5
  • 20