Hi all,

I'm currently stuck while trying to upload a CSR to OpenXPKI via RPC and have it signed interactively by an operator. While doing this interactively using the UI and logging in as Anonymous, everything works as expected. But with RPC I get an exception (details below). The corresponding workflow exists after the request and also has the correct CSR in context, but with "State FAILURE", "Run State finished", "error_code Request was not authenticated". Did I miss a thing, as e.g. a CertificateSearch via RPC works seamlessly? Is this a version thing?

Kind regards,
Robert

openxpkiadm version:

    Version (core): 1.20.2

rpc.log:

    2019/03/14 09:47:06 INFO:28897 RPC handler initialized
    2019/03/14 09:47:06 DEBUG:28897 Autodetect config file for service rpc: .conf
    2019/03/14 09:47:06 DEBUG:28897 No config file found, falling back to default
    2019/03/14 09:47:06 DEBUG:28897 calling context is https
    2019/03/14 09:47:06 DEBUG:28897 RPC unauthenticated (no cert)
    2019/03/14 09:47:06 DEBUG:28897 Initialize client
    2019/03/14 09:47:06 DEBUG:28897 Started volatile session with id: BcCr77bFQjeOqEL+uJjJ1g==
    2019/03/14 09:47:06 DEBUG:28897 Selecting realm ca-oftp
    2019/03/14 09:47:06 DEBUG:28897 Selecting auth stack Anonymous
    2019/03/14 09:47:07 DEBUG:28897 Workflow created (ID: 4607), State: FAILURE
    2019/03/14 09:47:07 INFO:28897 RPC request was processed properly (Workflow: 4607, State: FAILURE
    2019/03/14 09:47:07 DEBUG:28897 Keys cert_identifier, error_code
    2019/03/14 09:47:07 INFO:28897 Disconnect client

curl request:

    curl -F "method=RequestCertificate" -F "comment=Test" -F pkcs10="$(cat csr.pem)" https://192.168.20.57/rpc -k

curl result:

    {
      "result":{
        "data":{
          "error_code":"I18N_OPENXPKI_UI_ENROLLMENT_ERROR_NOT_AUTHENTICATED"
        },
        "state":"FAILURE",
        "id":"4607",
        "pid":28897
      }
    }

With following configuration:

default.conf:

    [global]
    log_config = /etc/openxpki/rpc/log.conf
    log_facility = client.rpc
    socket = /var/openxpki/openxpki.socket
    realm = ca-oftp

    [auth]
    stack = Anonymous

    [RequestCertificate]
    workflow = certificate_enroll
    param = pkcs10, comment
    output = cert_identifier, error_code
    env = signer_cert
    servername = enroll

    [RevokeCertificateByIdentifier]
    workflow = certificate_revocation_request_v2
    param = cert_identifier, reason_code, comment, invalidity_time
    env = signer_cert, signer_dn
    servername = default
    output = error_code

    [RevokeCertificateByEntity]
    workflow = certificate_revoke_by_entity
    param = entity, reason_code, comment
    env = signer_cert, signer_dn
    servername = default
    output = error_code

    [SearchCertificate]
    workflow = certificate_search
    param = common_name
    output = cert_identifier, notbefore, notafter, status

enroll.yaml:

    authorized_signer:
        # rule1:
        # Full DN
        # subject: CN=.+:scepclient,.*
        # rule2:
        # Full DN
        # subject: CN=.+:pkiclient,.*

    # You must set at least one of both options or remove the is_policy_loaded
    # condition in the workflow definition
    policy:
        allow_man_authen: 0
        allow_man_approv: 1
        allow_anon_enroll: 1
        approval_points: 1

    profile:
        # cert_profile: I18N_OPENXPKI_PROFILE_TLS_SERVER
        # cert_subject_style: enroll
        cert_profile: oftp2
        cert_subject_style: 05_advanced_styles

    eligibility:
        value: 1

    eligible:
        initial:
            value: 1
        renewal:
            value: 1
