Hi Stefan,
OpenXPKI sends the payload in base64 without wrapping it into line
blocks while the EST test server does and it looks like the openssl
base64 is not able to handle this encoding. I have looked around a bit
and did not really find a normative reference if OpenXPKI is doing it
wrong or if this is just a glitch in OpenSSL but I will add this as an
RFE so we will implement line wrapping with the next release.
best regards
Oliver
On 12.06.24 09:48, Stefan Goeman wrote:
Hello
I want to use the following commands to get my ca files in a nicely
fomated pem-file:
*
curl -k --connect-timeout 10 -s
https://my_est_server/.well-known/est/cacerts -o cacerts.p7
*
openssl base64 -d -in cacerts.p7 | openssl pkcs7 -inform DER
-outform PEM -print_certs -out cacerts.pem
Now, when I use the testest server at
https://testrfc7030.com:8443/ these commands work and I get a nicely
looking pem file.
When I use these commands with my own openxpki server, the second
command does not work. I get the error (on debian 12) "unable to load
PKCS7 object".
One difference that I notice is that when I run the curl command
against the testrfc7030 server I already have a nicely formated
looking file, like you expect in a pem-file.
When I do the curl command against my own server, there is only one
line in the file, and when I open this file in vi I see the message
"incomplete last line". I have no idea what this means?
BTW, If I use "base64 -d cacerts.p7 | openssl pkcs7 -inform DER
-outform PEM -print_certs -out cacerts.pem" on my system, this works.
So, there is obviously a difference between "openssl base64" and "base64".
Much thanks in advance for your help.
Greetings,
Stefan.
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
