Hello.
I try to write a Client in C# to do certificate requests over REST.
Doing the SearchCertificate works just fine but when using the
RequestCertificate (which is described in the /etc/openxpki/rpc/...conf) I get
en error that the request is not authenticated.
The response from the OpenXPKI WebService is:
{"result":{"data":{"error_code":"I18N_OPENXPKI_UI_ENROLLMENT_ERROR_NOT_AUTHENTICATED"},"state":"FAILURE","pid":11171,"id":"8191"}}
Rpc.log shows:
2018/09/05 11:10:04 DEBUG:11171 Autodetect config file for service rpc:
ca-iaxd.conf
2018/09/05 11:10:04 DEBUG:11171 calling context is https
2018/09/05 11:10:04 DEBUG:11171 RPC unauthenticated (no cert)
2018/09/05 11:10:04 DEBUG:11171 Initialize client
2018/09/05 11:10:04 DEBUG:11171 Started volatile session with id:
1ujveeuw6BGWImGK1JWZug==
2018/09/05 11:10:04 DEBUG:11171 Selecting realm ca-iaxd
2018/09/05 11:10:04 DEBUG:11171 Selecting auth stack _System
2018/09/05 11:10:05 DEBUG:11171 Workflow created (ID: 8191), State: FAILURE
2018/09/05 11:10:05 INFO:11171 RPC request was processed properly (Workflow:
8191, State: FAILURE
2018/09/05 11:10:05 DEBUG:11171 Keys cert_identifier, error_code
2018/09/05 11:10:05 INFO:11171 Disconnect client
What exactly means the '2018/09/05 11:10:04 DEBUG:11171 RPC unauthenticated (no
cert)' line? I have used a certificate which I also use for SCEP.
I have also followed some the instruction from another users post to create a
client certificate with the subject "myhost:pkiclient" where myhost is the
hostname of my OpenXPKI machine which certificate and key is under /tmp.
I also got the following lines in the realms rpc.conf:
authorized_signer:
rule1:
# Full DN
subject: CN=.+:scepclient,.*
rule2:
# Full DN
subject: CN=.+:pkiclient,.*
rule3:
identifier: JhkmsmPpsQrmrXoBRLJl2UIcSFc
so rule 2 should catch the client certificate I have created for the rpc
request and rule 3 should catch the scep certificate I use in my Rest request
as it matches the identifier.
What exactly I'm doing wrong? :)
Mit freundlichen Grüßen / Best regards
Andreas Krieger
operational services GmbH & Co. KG
Junior Systems Engineer, Mirrorserver/2
T3-Application Services North
Pascalstrasse 11
10587 Berlin | Germany
Telefon +49 375 60619 905
[email protected]
www.operational-services.de/
Please find the compulsory statements here:
www.operational-services.de/compulsoryStatements
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
