Hi Martin, wow fast reply. :)
First I want to say I found another very interesting thing. (Not changed "allow_anon_enroll=1" yet) If I change the subject within the CSR to: "CN=<myhost>,DC=Test Deployment.openxpki.org" my request gets stuck on "pending". Then I have the possiblity to "Reject Request" in red button & "Reject Request" in green button. After I have done the "Reject Request" with green button, I can now "Approve Request". Then my SSCEP client correctly receives the certificate. (Here are some screenshots: https://imgur.com/a/FaJTwju ) Maybe you can explain to me WHY changing the subject to the one above is required? :) Now based on your instructions I changed "allow_anon_enroll = 1" & I changed the subject like described above. The workflow stops again in status "pending". I have now directly the possibility to select "Approve Request" (without previous "Reject Request"). Then my SSCEP client correctly receives the certificate. Now based on another mailing list entry I have read some days ago ( https://sourceforge.net/p/openxpki/mailman/message/34705147/ ) I additionally changed: scep.SERVERNAME.eligible.initial.value = 1 Now the certificate gets enrolled fully automatic. :):):):) Of course I will have to change the eligible check using a connector to something more useful later :) PS: Maybe some site note - between all of the three tests above I have reset my openxpki virtual server machine using an snapshot. I know that scep.SERVERNAME.policy.max_active_certs = 1 is set ant wanted to prevent errors/ different behaviour due to this. Of course this is something that I further need to test... Kind Regards Martin Am Di., 16. Okt. 2018 um 18:00 Uhr schrieb Martin Bartosch <[email protected] >: > Hi, > > Yes, I was about to ask for the context. The context and the WF history > really help understanding what is going on in the system. > > Your context shows that your configuration does not allow anonymous > enrollment (p_allow_anon_enroll = 0). > > In your config set > > scep.SERVERNAME.policy.allow_anon_enroll = 1 > > and retry. > > Cheers > > Martin > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
