Marx, Peter wrote:
Hi,

i have to access an external PKI server with SCEP protocol through our
corporate proxy.  On command line I can set the proxy and trigger a CSR
with the scep-submit helper successfully.

What are you setting, environment variables I assume?

But same operation with getcert fails, as there is no proxy
configuration possibility in e.g. certmonger.conf.

How can I work around this ?

A quick kludge might be to replace scep-submit with a shell script that exports the proxy config and then calls the real scep-submit.

A perhaps better and more supportable idea would be to add a CA pointing to this new helper, something like:

getcert add-ca -c exampleSCEPca -e \
"/usr/libexec/certmonger/scep-submit-proxy -u http://ca.example.com/cgi-bin/pkiclient.exe";

So scep-submit-proxy would setup the environment and call scep-submit.

rob


Peter



Knorr-Bremse IT-Services GmbH
Sitz: München
Geschäftsführer: Helmut Draxler (Vorsitzender), Harald Jessen, Harald
Schneider
Registergericht München, HR B 167 268

This transmission is intended solely for the addressee and contains
confidential information.
If you are not the intended recipient, please immediately inform the
sender and delete the message and any attachments from your system.
Furthermore, please do not copy the message or disclose the contents to
anyone unless agreed otherwise. To the extent permitted by law we shall
in no way be liable for any damages, whatever their nature, arising out
of transmission failures, viruses, external influence, delays and the like.



--
Manage your subscription for the Freeipa-devel mailing list:
https://www.redhat.com/mailman/listinfo/freeipa-devel
Contribute to FreeIPA: http://www.freeipa.org/page/Contribute/Code

Reply via email to