Hi Eric, those logs do not match your first post...in this case the reason is the regex for the transaction_id which does not match the regex found in config.d/realm.tpl/workflow/global/field/transaction_id.yaml. Remove or fix the regex and it should hopefully do.
Oliver Am 08.02.22 um 18:10 schrieb cwam--- via OpenXPKI-users: > Hi Oliver. > > According to the webUI and workflow.log, no workflow is started. > I am requesting only one certificate (only one try in the following logs). > This is my openxpki.log after a fresh docker start and a getcert at > 16:33. > > 2022/02/08 16:28:48 INFO Loaded auth handler LocalPassword [pid=1|] > 2022/02/08 16:28:48 INFO Loaded auth handler Anonymous [pid=1|] > 2022/02/08 16:28:48 INFO Loaded auth handler System [pid=1|] > 2022/02/08 16:28:48 INFO Loaded auth handler Certificate [pid=1|] > 2022/02/08 16:28:48 INFO Loaded auth handler Password Connector [pid=1|] > 2022/02/08 16:28:48 INFO Loaded auth handler TestAccounts [pid=1|] > 2022/02/08 16:33:08 ERROR Error executing SCEP command 'PKIOperation': > I18N_OPENXPKI_UI_VALIDATOR_FIELD_TYPE_INVALID > [pid=19|sid=FuTq|wftype=certificate_enroll|wfid=5887|sceptid=39746307736602139464711739816579892826419596063044338920628525300358398474976] > > catchall.log - I see a "try to start new workflow" > > 2022/02/08 16:33:08 openxpki.application.INFO LibSCEP PKIOperation; > message type: PKCSReq [pid=19|sid=FuTq] > 2022/02/08 16:33:08 openxpki.application.INFO SCEP incoming request, > id > 39746307736602139464711739816579892826419596063044338920628525300358398474976 > [pid=19|sid=FuTq|sceptid=39746307736602139464711739816579892826419596063044338920628525300358398474976] > 2022/02/08 16:33:08 openxpki.application.INFO SCEP try to start new > workflow for > 39746307736602139464711739816579892826419596063044338920628525300358398474976 > [pid=19|sid=FuTq|sceptid=39746307736602139464711739816579892826419596063044338920628525300358398474976] > 2022/02/08 16:33:08 openxpki.system.ERROR Error executing SCEP command > 'PKIOperation': I18N_OPENXPKI_UI_VALIDATOR_FIELD_TYPE_INVALID > [pid=19|sid=FuTq|wftype=certificate_enroll|wfid=5887|sceptid=39746307736602139464711739816579892826419596063044338920628525300358398474976] > > scep.log > > 2022/02/08 16:31:55 INF SCEP handler initialized [pid=69] > 2022/02/08 16:31:55 INF Incoming request from 192.168.56.127 with > GetCACaps [pid=69] > 2022/02/08 16:31:56 INF Incoming request from 192.168.56.127 with > GetCACert [pid=69] > 2022/02/08 16:33:07 INF Incoming request from 192.168.56.127 with > GetCACaps [pid=69] > 2022/02/08 16:33:07 INF Incoming request from 192.168.56.127 with > PKIOperation [pid=69] > 2022/02/08 16:33:08 ERR SCEP response is empty [pid=69] > > > When I am using sscep, all is OK. > Thanks for your help Oliver. > > Regards, > Eric > > -- > Sent with Tutanota, the secure & ad-free mailbox. > > > > Feb 7, 2022, 20:22 by [email protected]: > > Hi Eric, > > you get this kind of error when you either send two requests in a very > short time (database transaction isolation) or when your workflow > crashes during startup. Can you please check if a workflow was created > and/or for any other error messages before this log line in > openxpki.log > > Oliver > > Am 07.02.22 um 16:29 schrieb cwam--- via OpenXPKI-users: > > Hi, > > I meet difficulties using "getcert request" (from certmonger). > > # CLIENT SIDE > > Here is how I am trying to get a certificate from OpenXPKI > SCEP server > from a client : > > $ getcert request -I obtenirUnCertificat -c openxpki -d > /etc/pki/nssdb > -n scep-client-test -N cn="app.domain.lan" > > $ getcert list > Number of certificates and requests being tracked: 1. > Request ID 'obtenirUnCertificat': > status: CA_UNREACHABLE > ca-error: Server reply was of unexpected MIME type "text/plain". > stuck: no > key pair storage: > > type=NSSDB,location='/etc/pki/nssdb',nickname='scep-client-test',token='NSS > Certificate DB' > certificate: > type=NSSDB,location='/etc/pki/nssdb',nickname='scep-client-test' > signing request thumbprint (MD5): 44947907 8D31F82C A722E441 > 891312E5 > signing request thumbprint (SHA1): B329431B 72243BB2 8EC57B10 > B632DDF6 > FFD80142 > CA: openxpki > issuer: > subject: > expires: unknown > pre-save command: > post-save command: > track: yes > auto-renew: yes > > As you can read the error is : "Server reply was of unexpected > MIME > type "text/plain"." > > # OPENXPKI SIDE > On the Openxpki side, openxpki.log is showing : > > 2022/02/07 14:46:14 ERROR > > I18N_OPENXPKI_SERVICE_LIBSCEP_COMMAND_PKIOPERATION_PARALLEL_REQUESTS_DETECTED; > __DPSTATE__ => creating, __SERVER__ => generic, > __TRANSACTION_ID__ => > > 98045844304779527357588258779756540595169315217199782481781298876007486699834 > > [pid=181|sid=Hogn|sceptid=98045844304779527357588258779756540595169315217199782481781298876007486699834] > > 2022/02/07 14:46:14 ERROR Error executing SCEP command > 'PKIOperation': > > I18N_OPENXPKI_SERVICE_LIBSCEP_COMMAND_PKIOPERATION_PARALLEL_REQUESTS_DETECTED; > __DPSTATE__ => creating, __SERVER__ => generic, > __TRANSACTION_ID__ => > > 98045844304779527357588258779756540595169315217199782481781298876007486699834 > > [pid=181|sid=Hogn|sceptid=98045844304779527357588258779756540595169315217199782481781298876007486699834] > > And scep.log > > 2022/02/07 14:46:13 INF Incoming request from 192.168.56.126 with > GetCACaps [pid=79] > 2022/02/07 14:46:14 INF Incoming request from 192.168.56.126 with > PKIOperation [pid=79] > 2022/02/07 14:46:14 ERR SCEP response is empty [pid=79] > > > Does anyone manage to use certmonger for scep requests to openxpki > please ? > > Thank you. > Best regards. > Eric. > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > > > > -- > Protect your environment - close windows and adopt a penguin! > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
