SCEP enrollment failure ( sending request to 'http://localhost:8080/scep/pkiclient?operation=PKIOperation'... did not receive a valid SCEP response: HTTP 400)

[edwige-jb]

I am new to SCEP. I installed OpenXPKI following the installation guide, I ran the sampleconfig script. I am able to use the WebUI test platform to generate/enroll certificates. When I try to enroll a certificate using "pki --scep" from the Strongswan 5.9.13 package, I encounter an error. Can anyone help me figure this out?

Here are the steps I took until the the failure from the client side. The first two commands succeeded.
pki_scep.log
The full getCaCert output is attached.

sudo openssl genrsa -out scep.key 2048

sudo pki --scepca --debug 3 --url http://localhost:8080/scep/pkiclient --outform pem --caout cacert --raout racert

sudo bash -c 'pki --scep --debug 4 --url http://localhost:8080/scep/pkiclient --outform pem --cacert-enc racert.pem --cacert-sig cacert-1.pem --cacert cacert.pem --in scep.key --san "myScepClient.test.org" --dn "C=CH, O=strongswan Project, CN=myScepClient.test.org" --interval 10 --maxpolltime 120 > scep.crt'

sending scep request to 'http://localhost:8080/scep/pkiclient'
sending request to 'http://localhost:8080/scep/pkiclient?operation=PKIOperation'...
did not receive a valid SCEP response: HTTP 400

SCEP Log:

2025/02/04 06:34:02 ERR Request was rejected: I18N_OPENXPKI_UI_INVALID_PROFILE [pid=86|ep=pkiclient]
2025/02/04 06:34:02 WAR Client error / malformed request: badRequest (internal code: 40006) [pid=86|ep=pkiclient]