Hi Nicolas, Am 29.04.2015 um 13:40 schrieb Nicolas Grelliere:
Actually, with the CN it works, thanks for your help. The default
great to hear.
configuration for scep delivered a certificate with the TLS profile, when i change it to I18N_OPENXPKI_USER on the /scep/default.conf file, sscep return me an error : "error while sending message".
Have a look at the profile files, the scep process renders the subject from the section named "enrollment", if you want a user certificate you need to add such a section with the appropriate values there.
Moreover, on the web interface, certificates delivered using scep protocols don't appeared on the page "my certificates".
Its possible but requires setup - the "My" is related to the users identity which is the username used during setup. The scep server is not associated to any user. If you can provide a source to map the scep requests to users it is possible to feed this information into the system - but that is completly undocumented yet =(
The only solution to see them is to go on "search certificate" and click on search, isn't it ?
The client fetches the cert anyway, so there is usually no reason to get this cert from the GUI. To search/look for any certs this is the way to go.
Oliver
Nicolas. Date: Tue, 28 Apr 2015 11:51:07 +0200 From: [email protected] To: [email protected] Subject: Re: [OpenXPKI-users] Load configuration Openxpki Am 28.04.2015 um 11:00 schrieb Nicolas Grelliere:>this indicate that the openssl command to actually create the >certificate crashes. I have seen this some times in the past when using >non-latin chars or special attributes in the certificate. In order to create initials certificate, i used the script named sampleconfig.sh. The only modification that i've done is the validity of the ROOT certificate and the CA ONE certificate. I don't use special characters or attributesWhat about special chars in your requested certificate?I redo the configuration on OpenxPKI following the QuickStart without modification of the sampleconfig script. I have the same error, can you send me a private address in order to send you the database ?You can use [email protected].> Is it possible to use a certificate with his private key generate by my > PKI server instead of using an unsigned certificate generated on the > "client" ? I try to do that but when i do the sscep command, i have an > error : >What certificate are you talking about? In order to enrol my client on the PKI server, i want to use enrol-certificates delivered by the OpenxPKI server. So it avoid to use unsigned certificates generated on the client.SCEP has two modes of operation, initial enrollment with a self-signed CSR or enrollment on behalf where the request is signed with an "authenticated" certificate. Of yourse you can create this enrollment certificate using the PKI, but this kind of setup is beyond the demo showcase and requires some setup if you want to do it right. Oliver -- Protect your environment - close windows and adopt a penguin! ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users ------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
-- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ One dashboard for servers and applications across Physical-Virtual-Cloud Widest out-of-the-box monitoring support with 50+ applications Performance metrics, stats and reports that give you Actionable Insights Deep dive visibility with transaction tracing using APM Insight. http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
