Hi Kevin,the second approach is definitely wrong, the GetCRL commands expects the Issuer and Serialnumber of the entity certificate, not of the CRL.
2017/05/18 07:51:40 openxpki.application.ERROR:11973 [OpenXPKI::Service::SCEP::Command::PKIOperation (/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Service/SCEP/Command/PKIOperation.pm:255); scep-server-1()@00a3] SCEP getcrl - no issuer found for serial 415776007826350848549631 and issuer DC=ORG,DC=OpenXPKI,OU=Test CA,CN=CA ONE
This looks like your implementation reverses the DN when adding it to the request. OpenXPKI internally uses this data to make a SQL query and if you have a look at the tables, you should see that the Issuer DN starts with the CN part.
It works that way with the tools we use at the moment but I am not really sure if this is a problem on our side, so if this behaviour is caused by code inside jscep, we might negotiate if we need to change it.
best regards Oliver -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
