Hello everyone,

We've configured an OpenXPKI EST server. It has the following config for client
cert auth in stack.yaml & handler.yaml. Still, if we provide any wrong
certificate in our application, certificate enrollment is successful, whereas
if we use testrfc7030.com, then in our application, certificate enrollment is
NOT successful. Is there any problem in the config and, if yes, can you please
help us with where we need to change the EST server configuration?

stack.yaml

    # Login with a client certificate, needs to be setup on the webserver
    Certificate:
        label: Client certificate
        description: Login using a client certificate
        handler: Certificate
        type: x509
        sign:
            # This is the public key matching the private one given in webui/default.conf
            # Use "openssl pkey -pubout" to create the required string from the private key
            key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+Kd4mdLwV4bEMaKQ2aUxO4e18QAuE1k0je5i82qk0haG8b8h1VJ4SaslRa+/Nff6Mhx31yRR6RNzmjEPRgLZYw==

handler.yaml

    # Using the default config this allows a user login with ANY certificate
    # issued by the democa which has the client auth keyUsage bit set
    # the commonName is used as username!
    Certificate:
        type: ClientX509
        role: User
        arg: CN
        trust_anchor:
            realm: democa

Thanks & Regards,
Chandra
Chandramauli De
QA, Fleet management
STL, ISS
www.lexmark.com
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
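
The handler.yaml comments in the message above describe the acceptance rule: issued by the realm's CA, valid for client auth, commonName used as username. As an added example (not part of the original message and not OpenXPKI's own code), this script approximates that rule locally with openssl on constructed test certificates, so a certificate believed to be "wrong" can be checked against the CA the handler trusts. All CA names, subjects and file names are assumptions, and `openssl verify -purpose sslclient` stands in for the client-auth condition.

```shell
#!/bin/sh
# Added example: local approximation of the handler.yaml rule using openssl.
# Every CA, subject and file below is constructed for this demo.
set -e
WORK=$(mktemp -d)

# make_ca NAME: self-signed test CA (stand-in for a realm's issuing CA).
# Relies on the stock openssl.cnf, which marks "req -x509" output as CA:TRUE.
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue CA NAME EKU: certificate for CN=NAME, signed by CA, with the given
# extendedKeyUsage value (clientAuth or serverAuth).
issue() {
    printf 'extendedKeyUsage=%s\n' "$3" > "$WORK/$2.ext"
    openssl req -new -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -CA "$WORK/$1.pem" \
        -CAkey "$WORK/$1.key" -CAcreateserial -extfile "$WORK/$2.ext" \
        -days 1 -out "$WORK/$2.pem" 2>/dev/null
}

# check_client_cert CAFILE CERT: print the CN (the would-be username) when
# CERT chains to CAFILE and is usable for TLS client auth, else "reject".
check_client_cert() {
    if openssl verify -purpose sslclient -CAfile "$1" "$2" >/dev/null 2>&1; then
        openssl x509 -in "$2" -noout -subject -nameopt multiline |
            sed -n 's/^ *commonName *= *//p'
    else
        echo reject
    fi
}

make_ca realm-ca                            # the CA the handler trusts
make_ca other-ca                            # an unrelated CA
issue realm-ca good-client  clientAuth      # should be accepted
issue other-ca wrong-issuer clientAuth      # wrong issuer
issue realm-ca wrong-usage  serverAuth      # right issuer, wrong usage

for c in good-client wrong-issuer wrong-usage; do
    printf '%s -> %s\n' "$c" \
        "$(check_client_cert "$WORK/realm-ca.pem" "$WORK/$c.pem")"
done
```

To check a real certificate, call `check_client_cert` with the realm's issuing CA certificate file and the certificate the application presents.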