Re: [OpenXPKI-users] Problems with EST Authentication

Mon, 16 Aug 2021 07:31:57 -0700 

Hi Oliver,

So I need to replace the "dummy.crt" in "/etc/openxpki/tls/chain" with the
"OpenXPKI_Issuing_CA.crt" and enter "c_rehash /etc/openxpki/tls/chain/"?
After doing so and restarting the docker container, I am still having the
same problem as described...

----------
root@...:/var/log/openxpki# tail -f est.log
2021/08/12 08:46:15 INFO:73 EST handler initialized
2021/08/12 08:46:16 INFO:73 Disconnect client
2021/08/12 12:13:51 DEBUG:71 Config for service est loaded
2021/08/12 12:13:51 INFO:71 EST handler initialized
2021/08/12 12:13:51 DEBUG:71 Incoming request /.well-known/est/simpleenroll
2021/08/12 12:13:51 DEBUG:71 Autodetect config file for service est:
default.conf
2021/08/12 12:13:51 DEBUG:71 calling context is https
2021/08/12 12:13:51 DEBUG:71 EST unauthenticated (no cert)
2021/08/12 12:13:51 DEBUG:71 Autodetect config file for service est:
default.conf
2021/08/12 12:13:51 DEBUG:71 $VAR1 = {
          'workflow' => 'certificate_enroll',
          'pickup_attribute' => 'transaction_id',
          'pickup' => 'pkcs10'
        };
2021/08/12 12:13:51 DEBUG:71 Pickup via attribute with transaction_id =>
e0fff73e7ddf65f94c239e7f1b8c0ecd707fdc38
2021/08/12 12:13:51 DEBUG:71 Initialize client
2021/08/12 12:13:51 DEBUG:71 Started volatile session with id:
LOtvQJ2OTdS0oRYR6pBaiA==
2021/08/12 12:13:51 DEBUG:71 Selecting auth stack _System
2021/08/12 12:13:51 DEBUG:71 Pickup 767 for
e0fff73e7ddf65f94c239e7f1b8c0ecd707fdc38
2021/08/12 12:13:51 DEBUG:71 request for workflow info on 767
2021/08/12 12:13:51 INFO:71 Disconnect client
----------

----------
Request was rejected: I18N_OPENXPKI_UI_ENROLLMENT_ERROR_NOT_AUTHENTICATED
----------

I really want to make it work, but I'm still lost in doing so...

Robert

Am Do., 12. Aug. 2021 um 16:08 Uhr schrieb Oliver Welter <[email protected]>:

> Hi Robert,
>
> Am 12.08.21 um 14:26 schrieb Robert Krahl:
> >
> > Acceptable client certificate CA names
> > CN = Placeholder for TLS Client Auth
>
> you must replace this with your issuing ca certificate, it is in the
> openxpki/tls/chain folder, after placing the PEM encoded certifiate
> there you need to create the symlink with the hash-name using the
> "c_rehash" tool.
>
> Oliver
>
> --
> Protect your environment -  close windows and adopt a penguin!
>
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>

_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users






















					Reply via email to