Hi Daniel, sorry the last answer was incomplete - you need to change the "state" filter also:
query:
type:
- certificate_enroll
state:
- PENDING
- PENDING_POLICY_VIOLATION
- MANUAL_AUTHORIZATION
Oliver
Am 29.04.19 um 09:57 schrieb daniel.Jackson.fr via OpenXPKI-users:
> Thank you for the answer.
>
>
> I can see the pending request using the "workflow search", but I still can't
> see them using the "My task view".
>
> Here is the full config in case there is an other mistake :
>
> - label: I18N_OPENXPKI_UI_TASKLIST_PENDING_ENROLLMENT_LABEL
> description: I18N_OPENXPKI_UI_TASKLIST_PENDING_ENROLLMENT_DESCRIPTION
> ifempty: hide
> query:
> type:
> - certificate_enroll
> state:
> - PENDING_APPROVAL
> - PENDING_MANUAL_AUTHENTICATION
> - PENDING_POLICY
> cols:
> - label: I18N_OPENXPKI_UI_WORKFLOW_SEARCH_SERIAL_LABEL
> field: WORKFLOW_SERIAL
> - label: I18N_OPENXPKI_UI_WORKFLOW_SEARCH_UPDATED_LABEL
> field: WORKFLOW_LAST_UPDATE
> - label: I18N_OPENXPKI_UI_WORKFLOW_STATE_LABEL
> field: WORKFLOW_STATE
> - label: I18N_OPENXPKI_UI_CERTIFICATE_SUBJECT
> field: context.cert_subject
> - label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_TRANSACTION_ID_LABEL
> field: attribute.transaction_id
>
>
> Daniel
>
>
> ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> Le lundi 29 avril 2019 08:13, Oliver Welter <[email protected]> a écrit :
>
>> Hi Daniel,
>>
>> looks like we have a mistake in the config so the SCEP workflows dont
>> show up as open tasks :(
>>
>> You should find the pending request using the "workflow search". To fix
>> the "My Task" view, open uicontrol/RA Operator.yaml and change the
>> workflow type from "enrollment" to "certificate_enroll" around line 100:
>>
>> query:
>> type:
>> - certificate_enroll
>>
>> Trusted signer requires signature of incoming requests with a special
>> enrollment certificate and here you can define what certs "match" -
>> check the docs of the EvalSignerTrust Perl Module for more details.
>>
>> Chain validation fails as the request is self signed (thats ok) and for
>> the warning on the fallback see
>> https://openxpki.readthedocs.io/en/latest/subsystems/index.html#config-path-expansion
>>
>> Oliver
>>
>> Am 26.04.19 um 09:17 schrieb daniel.Jackson.fr via OpenXPKI-users:
>>
>>> Hi,
>>> I am working on OpenXPKI for a month now. I have configured a lot of
>>> things. (great job, it is quite easy !).
>>> Using sscep, I can get the CA certificates. However, I can't make the
>>> SCEP server work properly to generate new certificates.
>>> These are the commands I use :
>>>
>>> - mkdir tmp
>>> - ./sscep_dyn getca -c tmp/cacert -u http://localhost/scep/scep
>>> - ./sscep_dyn enroll -u http://localhost/scep/scep -k
>>> tmp/scep-test.key -r tmp/scep-test.csr -c tmp/cacert-0 -l
>>> tmp/scep-test.crt -t 10 -n 1
>>>
>>>
>>> I automatically get the certificate when :
>>>
>>> - approval_points: 0 (that proves the scep server works)
>>>
>>> but, when i ask a new certificate with :
>>>
>>> - approval_points: 1
>>>
>>> I am in pending state (that's normal behaviour I guess) and I (as a
>>> operator) can't validate the request : it does not appear in the task
>>> board. This is weird because when I use the same csr in the demo server
>>> it works, I can validate it with the raop account. But in mine the
>>> request does not appear. I am working locally (localhost) is this a
>>> problem ?
>>> I haven't modify the SCEP configuration file, the secret challenge is
>>> still SecretChallenge ^^.
>>> My questions are :
>>>
>>> - Is there some configutation to make them visible to the operator
>>> task board ?
>>>
>>> - How does the "authorized signer works" ?
>>> - What does it mean "Trusted Signer chain validation failed" ?
>>> - Finally, why do I always have "No config file found, falling back to
>>> default" ?
>>>
>>>
>>> Some log informations for you :
>>> catchall.log :
>>> 2019/04/24 16:05:25 openxpki.application.INFO SCEP incoming request, id
>>> 127D4B178FF0619A50DD7574DBCB7F3C
>>> [pid=11627|sid=q2P/|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> 2019/04/24 16:05:25 openxpki.application.INFO SCEP try to start new
>>> workflow for 127D4B178FF0619A50DD7574DBCB7F3C
>>> [pid=11627|sid=q2P/|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> 2019/04/24 16:05:26 openxpki.application.INFO Rendering subject:
>>> CN=test,DC=Test Deployment,DC=OpenXPKI,DC=org
>>> [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> 2019/04/24 16:05:26 openxpki.application.WARN Trusted Signer chain
>>> validation FAILED
>>> [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> 2019/04/24 16:05:26 openxpki.application.INFO Trusted Signer not found
>>> in trust list (CN=test,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU).
>>> [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> 2019/04/24 16:05:26 openxpki.application.INFO validate challenge using
>>> compare validated
>>> [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> 2019/04/24 16:05:26 openxpki.application.INFO Eligibility check for
>>> scep.scep-server-1.eligible.initial failed
>>> [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> 2019/04/24 16:05:26 openxpki.application.INFO Trigger notification
>>> message enroll_approval_pending
>>> [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> 2019/04/24 16:05:27 openxpki.application.INFO SCEP started new workflow
>>> with id 1279, state PENDING
>>> [pid=11627|sid=q2P/|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> 2019/04/24 16:05:27 openxpki.application.INFO SCEP 1279 in state
>>> PENDING, send pending reply
>>> [pid=11627|sid=q2P/|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> 2019/04/24 16:05:38 openxpki.application.INFO SCEP incoming request, id
>>> 127D4B178FF0619A50DD7574DBCB7F3C
>>> [pid=11633|sid=Cvbq|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> 2019/04/24 16:05:38 openxpki.application.INFO SCEP incoming request,
>>> found workflow 1279, state PENDING
>>> [pid=11633|sid=Cvbq|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> 2019/04/24 16:05:38 openxpki.application.INFO SCEP 1279 in state
>>> PENDING, send pending reply
>>> [pid=11633|sid=Cvbq|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
>>> scep.log :
>>> 2019/04/24 16:05:24 DEBUG:11602 Autodetect config file for service scep:
>>> scep.conf
>>> 2019/04/24 16:05:24 DEBUG:11602 No config file found, falling back to
>>> default
>>> 2019/04/24 16:05:24 INFO:11602 Incoming request from 127.0.0.1 with
>>> PKIOperation
>>> 2019/04/24 16:05:27 DEBUG:11602 Response send
>>> 2019/04/24 16:05:37 DEBUG:11602 Autodetect config file for service scep:
>>> scep.conf
>>> 2019/04/24 16:05:37 DEBUG:11602 No config file found, falling back to
>>> default
>>> 2019/04/24 16:05:37 INFO:11602 Incoming request from 127.0.0.1 with
>>> PKIOperation
>>> 2019/04/24 16:05:38 DEBUG:11602 Response send
>>> workflow.log :
>>> 2019/04/24 16:05:26 1279 Rendering subject: CN=test,DC=Test
>>> Deployment,DC=OpenXPKI,DC=org
>>> 2019/04/24 16:05:26 1279 Trusted Signer chain validation FAILED
>>> 2019/04/24 16:05:26 1279 Trusted Signer not found in trust list
>>> (CN=test,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU).
>>> 2019/04/24 16:05:26 1279 validate challenge using compare validated
>>> 2019/04/24 16:05:26 1279 Eligibility check for
>>> scep.scep-server-1.eligible.initial failed
>>> 2019/04/24 16:05:26 1279 Trigger notification message
>>> enroll_approval_pending
>>> Thank you for your time,
>>> Daniel
>>>
>>> OpenXPKI-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>
>> --
>>
>> Protect your environment - close windows and adopt a penguin!
>>
>> OpenXPKI-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
>
>
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
--
Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
