Hi,

The current SCEP workflow still uses the old CSR parser, which does not properly handle these extensions. We are already working on a rewrite of the SCEP code, which will hopefully be available in Spring 2018.

If you need a solution before then, you need to deal with the internals of OpenXPKI profiles and workflows, but this is beyond the scope of this mailing list.

Oliver

On 14.12.2017 at 12:43, Cho Chan wrote:
Hi all,

Via the web interface I can issue and sign a certificate with a SAN containing DNS names + IP addresses, but when I try to request a certificate via SCEP with a CSR with a SAN containing DNS names + IP addresses, it fails.

When I request a certificate via SCEP with a CSR with a SAN containing only DNS names, it works without any issues.

Logs:

2017/12/14 12:27:14 openxpki.application.INFO Execute action global_nice_issue_certificate on workflow #83711 [pid=22249|sid=9JM0|wftype=enrollment|wfid=83711|sceptid=7EC364D3D8007561F69ED5E77F618C88]
2017/12/14 12:27:14 openxpki.application.INFO start cert issue for serial 29695, workflow 83711 [pid=22249|sid=9JM0|wftype=enrollment|wfid=83711|sceptid=7EC364D3D8007561F69ED5E77F618C88]
2017/12/14 12:27:14 system.crypto.ERROR OpenSSL error: Using configuration from /var/tmp/openxpki2224996ckphuv
Error Loading extension section v3ca
140517810112144:error:0E06D06C:configuration file routines:NCONF_get_string:no value:conf_lib.c:324:group=ca name=email_in_dn
*140517810112144:error:22075075:X509 V3 routines:v2i_GENERAL_NAME_ex:unsupported option:v3_alt.c:550:name=IP Address*
140517810112144:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in extension:v3_conf.c:95:name=subjectAltName, value=DNS:docker-test.example.com,IP Address:127.0.0.1,IP Address:10.1.10.100
unable to write 'random state'
[pid=22249|sid=9JM0|wftype=enrollment|wfid=83711|sceptid=7EC364D3D8007561F69ED5E77F618C88]
2017/12/14 12:27:14 openxpki.system.ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 256 [pid=22249|sid=9JM0|wftype=enrollment|wfid=83711|sceptid=7EC364D3D8007561F69ED5E77F618C88]
2017/12/14 12:27:14 openxpki.system.ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 256; __COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_cert [pid=22249|sid=9JM0|wftype=enrollment|wfid=83711|sceptid=7EC364D3D8007561F69ED5E77F618C88]

2017/12/14 12:27:14 ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 256 [pid=22249|sid=9JM0|wftype=enrollment|wfid=83711|sceptid=7EC364D3D8007561F69ED5E77F618C88]
2017/12/14 12:27:14 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 256; __COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_cert [pid=22249|sid=9JM0|wftype=enrollment|wfid=83711|sceptid=7EC364D3D8007561F69ED5E77F618C88]
2017/12/14 12:27:15 ERROR Caught exception from action: [Generic exception]; reset workflow to old state 'PREPARED' [pid=22249|sid=9JM0|wftype=enrollment|wfid=83711|sceptid=7EC364D3D8007561F69ED5E77F618C88]

Thank you in advance!

Regards,
Cho


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users



--
Protect your environment -  close windows and adopt a penguin!
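
Added example (not part of the thread and not OpenXPKI code): the log's subjectAltName value uses the label "IP Address", which is how OpenSSL prints an IP entry in text output, while the config parser named in the error (v2i_GENERAL_NAME_ex) accepts the type name "IP". The sketch below translates the printed labels to config type names and rejects anything it cannot map; the function name and mapping table are assumptions made for this illustration.

```python
import ipaddress

# Label as printed in OpenSSL text output -> type name accepted in an
# OpenSSL config subjectAltName value. Illustrative table, not OpenXPKI's.
TEXT_TO_CONF = {
    "DNS": "DNS",
    "email": "email",
    "URI": "URI",
    "IP Address": "IP",
    "Registered ID": "RID",
}

def san_to_openssl_conf(value):
    """Turn 'DNS:a,IP Address:1.2.3.4' into 'DNS:a,IP:1.2.3.4'.

    Raises ValueError for entries that are malformed, use a label with no
    config equivalent in the table, or carry an invalid IP address.
    Entries are split on ',', so values containing commas are not handled.
    """
    converted = []
    for item in value.split(","):
        # Split on the first ':' only, so IPv6 addresses and URIs survive.
        label, sep, data = item.strip().partition(":")
        data = data.strip()
        if not sep or not data:
            raise ValueError(f"malformed SAN entry: {item!r}")
        conf_type = TEXT_TO_CONF.get(label.strip())
        if conf_type is None:
            raise ValueError(f"unsupported SAN type: {label!r}")
        if conf_type == "IP":
            # Validate and normalise; raises ValueError if not an IP.
            data = str(ipaddress.ip_address(data))
        converted.append(f"{conf_type}:{data}")
    return ",".join(converted)

# SAN value copied from the X509V3_EXT_nconf error line in the log above.
FAILING = ("DNS:docker-test.example.com,"
           "IP Address:127.0.0.1,IP Address:10.1.10.100")

if __name__ == "__main__":
    print(san_to_openssl_conf(FAILING))
```
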
