>> configuration for scep delivered a certificate with the TLS profile,
>> when i change it to I18N_OPENXPKI_USER on the /scep/default.conf file,
> >sscep return me an error : "error while sending message".
>Have a look at the profile files, the scep process renders the subject
>from the section named "enrollment", if you want a user certificate you
>need to add such a section with the appropriate values there.
If people are interestd, for this option you have to :
On the file /config.d/realm/ca-on/profile/I18N_OPENXPKI_USER.yeml add on the
section "style" enroll :
dn: CN=[% realname %]+UID=[% username%] [% IF departement %],DC=[%
department %] [% END %], DC=Test Deployment, DC = Openxpki, DC=org.
You can find this information on the file I18N_OPENXPKI_TLS_SERVER.yaml
On the file /scep/default.conf, you have to modify the name of the profile.
An other question concerning the scep mechanism, i have enrol a client to my
PKI server. By default the renewal period is fixed to 14 days, during this
period, if one client certificate is almost out of day how can i do to renew it
? I have just to use sscep as the example in the QuickStart guide ?
Concerning the parameters on the sscep command :
Can i use the first csr certificate generated for the enrolmentShould i use the
crt certificate almost out of date ?
Nicolas.
------------------------------------------------------------------------------
One dashboard for servers and applications across Physical-Virtual-Cloud
Widest out-of-the-box monitoring support with 50+ applications
Performance metrics, stats and reports that give you Actionable Insights
Deep dive visibility with transaction tracing using APM Insight.
http://ad.doubleclick.net/ddm/clk/290420510;117567292;y
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
