Hello Alex,
>The configuration seems to be set to copy the subject key identifier
>into the authority key identifier extension of the issued certificate.
>Is it possible that your CA certificate does not contain a subject
>key identifier extension, so that OpenSSL fails when trying to copy
>it from the CA certificate?
Maybe my steps are not correct? Could you check it please:
1. Login as RA Operator
2. Set secret part
3. Disconnect
4. Login as User
5. Create workflow (role - user, csr_type - pkcs10)
6. Workflow successfully created (without errors in log)
7. Disconnect
8. Connect as RA Operator
9. Key creating
After this step i have 7 possible actions:
$VAR1 = {
'COMMAND' => 'get_workflow_activities',
'SERVICE_MSG' => 'COMMAND',
'PARAMS' => [
'I18N_OPENXPKI_WF_ACTION_CHANGE_CSR_SUBJECT',
'I18N_OPENXPKI_WF_ACTION_CHANGE_CSR_SUBJECT_ALT_NAME',
'I18N_OPENXPKI_WF_ACTION_CHANGE_CSR_PROFILE',
'I18N_OPENXPKI_WF_ACTION_APPROVE_CSR',
'I18N_OPENXPKI_WF_ACTION_CHANGE_CSR_ROLE',
'I18N_OPENXPKI_WF_ACTION_REJECT_CSR',
'I18N_OPENXPKI_WF_ACTION_CHANGE_CSR_INFO'
]
};
I select APPROVE CSR action. Successfully (without errors in log). Then i
have:
$VAR1 = {
'COMMAND' => 'get_workflow_activities',
'SERVICE_MSG' => 'COMMAND',
'PARAMS' => [
'I18N_OPENXPKI_WF_ACTION_PERSIST_CSR',
'I18N_OPENXPKI_WF_ACTION_APPROVE_CSR',
'I18N_OPENXPKI_WF_ACTION_REJECT_CSR',
'I18N_OPENXPKI_WF_ACTION_CANCEL_CSR_APPROVAL'
]
};
I select PERSIST CSR and have that problem in log file
"> 461:error:2207707B:X509 V3 routines:V2I_AUTHORITY_KEYID:unable to get
> issuer keyid:v3_akey.c:166:
> 461:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in
> extension:v3_conf.c:93:name=authorityKeyIdentifier, value=
> keyid:always,issuer:always"
I tried to transact all my steps throw web interface and have differents
problems in "signing request" and "generate key" because of some links
deficiency. For example, when i try to generate key, i have link
"generate_key.html# which doesn't exists in openxpki directories...so i
can't use this interface directly for check my steps :(
Thank you in advance
--
With best regards,
Chudnovskaya Elvira
------------------------------------------------------------------------------
This SF.net email is sponsored by:
SourcForge Community
SourceForge wants to tell your story.
http://p.sf.net/sfu/sf-spreadtheword
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
