Hi, thank you for your reply.
So, i remove the new realm named "test", and now i'm configuring .yaml files in
the folder "realm" and it works :) I managed to modify parameters such as the
validity, renewal of CRL ...
Thank you for your help :)
But now i'm encountering a problem when i try to configure an SSCEP client. If
i follow the quick start, by generating a certificate with a private key and
retrieving CA certificate with the sscep command, when i want to click on "Add
Authentification" on the web interface, the following message appeared :
"I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ =>
OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_cert; __ERRVAL__ =>
I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 256"
Is it possible to use a certificate with his private key generate by my PKI
server instead of using an unsigned certificate generated on the "client" ? I
try to do that but when i do the sscep command, i have an error :
error while reading request file
139818879022760:error:0D074041:asn1 encoding routines:ASN1_i2d_bio:malloc
failure:a_i2d_fp.c:92:
139818879022760:error:0906D06C:PEM routines:PEM_read_bio:no start
line:pem_lib.c:701:
When i generate those certificates on the PKI server, i keep the same
parameters as the quick start (2048 RSA key)
Regards,
Nicolas.
Date: Sun, 26 Apr 2015 09:48:20 +0200
From: [email protected]
To: [email protected]
Subject: Re: [OpenXPKI-users] Load configuration Openxpki
Am 24.04.2015 um 08:53 schrieb Nicolas Grelliere:
> I use the 0.28 version of OpenxPKI, when i restart the server, the new
> configuration is not parsed. For example, I change the default lifetime
> of certificates and this modification doesn't appeared when I do a
> certificate request on the Web interface.
We do not have any config cache, so if you do a openxpkictl restart the
config *is* read from the filesystem. I assume you stumbled upon the
fact that the config has a validity setting in the profile itself and in
the default.yaml - the value in default.yaml is only used if there is no
setting in the profile/my-profile-name.yaml. Might this be the case?
> In the file openxpki/config.d/system/realms.yaml, i create a label named
> "test" and next in the folder config.d I do a copy of the folder realm
> which is named test.
> In openxpki/config.d/test/, I realise several modifications of .yaml
> files. After that, when I restart the server, any changes appeared.
> Is it the good way for configuring OpenxPKI or not ?
I do not understand this part - a new realm is a new logical PKI
instance with its own issuing certificates, etc. If you want to have
such a second instance, this is the right way.
If you give us more information on your use case, I can tell you how to
do it.
Oli
--
Protect your environment - close windows and adopt a penguin!
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
