Hi Oliver,
It is now fully functional, thank you!

Daniel

‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
On Monday, 29 April 2019 12:14, Oliver Welter <[email protected]> wrote:

> Hi Daniel,
>
> sorry the last answer was incomplete - you need to change the "state"
> filter also:
>
> query:
>     type:
>         - certificate_enroll
>     state:
>         - PENDING
>         - PENDING_POLICY_VIOLATION
>         - MANUAL_AUTHORIZATION
>
> Oliver
>
> On 29.04.19 at 09:57, daniel.Jackson.fr via OpenXPKI-users wrote:
>
> > Thank you for the answer.
> > I can see the pending request using the "workflow search", but I still
> > can't see them using the "My task view".
> > Here is the full config in case there is another mistake:
> >
> > - label: I18N_OPENXPKI_UI_TASKLIST_PENDING_ENROLLMENT_LABEL
> >   description: I18N_OPENXPKI_UI_TASKLIST_PENDING_ENROLLMENT_DESCRIPTION
> >   ifempty: hide
> >   query:
> >       type:
> >           - certificate_enroll
> >       state:
> >           - PENDING_APPROVAL
> >           - PENDING_MANUAL_AUTHENTICATION
> >           - PENDING_POLICY
> >   cols:
> >       - label: I18N_OPENXPKI_UI_WORKFLOW_SEARCH_SERIAL_LABEL
> >         field: WORKFLOW_SERIAL
> >       - label: I18N_OPENXPKI_UI_WORKFLOW_SEARCH_UPDATED_LABEL
> >         field: WORKFLOW_LAST_UPDATE
> >       - label: I18N_OPENXPKI_UI_WORKFLOW_STATE_LABEL
> >         field: WORKFLOW_STATE
> >       - label: I18N_OPENXPKI_UI_CERTIFICATE_SUBJECT
> >         field: context.cert_subject
> >       - label: I18N_OPENXPKI_UI_WORKFLOW_FIELD_TRANSACTION_ID_LABEL
> >         field: attribute.transaction_id
> >
> > Daniel
> >
> > ‐‐‐‐‐‐‐ Original Message ‐‐‐‐‐‐‐
> > On Monday, 29 April 2019 08:13, Oliver Welter [email protected] wrote:
> >
> > > Hi Daniel,
> > > looks like we have a mistake in the config so the SCEP workflows don't
> > > show up as open tasks :(
> > > You should find the pending request using the "workflow search". To fix
> > > the "My Task" view, open uicontrol/RA Operator.yaml and change the
> > > workflow type from "enrollment" to "certificate_enroll" around line 100:
> > >
> > > query:
> > >     type:
> > >         - certificate_enroll
> > >
> > > Trusted signer requires signature of incoming requests with a special
> > > enrollment certificate and here you can define what certs "match" -
> > > check the docs of the EvalSignerTrust Perl Module for more details.
> > > Chain validation fails as the request is self signed (that's ok) and for
> > > the warning on the fallback see
> > > https://openxpki.readthedocs.io/en/latest/subsystems/index.html#config-path-expansion
> > >
> > > Oliver
> > >
> > > On 26.04.19 at 09:17, daniel.Jackson.fr via OpenXPKI-users wrote:
> > >
> > > > Hi,
> > > > I have been working on OpenXPKI for a month now. I have configured a
> > > > lot of things (great job, it is quite easy!).
> > > > Using sscep, I can get the CA certificates. However, I can't make the
> > > > SCEP server work properly to generate new certificates.
> > > > These are the commands I use:
> > > >
> > > > - mkdir tmp
> > > > - ./sscep_dyn getca -c tmp/cacert -u http://localhost/scep/scep
> > > > - ./sscep_dyn enroll -u http://localhost/scep/scep -k tmp/scep-test.key -r tmp/scep-test.csr -c tmp/cacert-0 -l tmp/scep-test.crt -t 10 -n 1
> > > >
> > > > I automatically get the certificate when:
> > > >
> > > > - approval_points: 0 (that proves the scep server works)
> > > >
> > > > but, when I ask for a new certificate with:
> > > >
> > > > - approval_points: 1
> > > >
> > > > I am in pending state (that's normal behaviour I guess) and I (as an
> > > > operator) can't validate the request: it does not appear in the task
> > > > board. This is weird because when I use the same csr in the demo server
> > > > it works, I can validate it with the raop account. But in mine the
> > > > request does not appear. I am working locally (localhost), is this a
> > > > problem?
> > > > I haven't modified the SCEP configuration file, the secret challenge is
> > > > still SecretChallenge ^^.
> > > > My questions are:
> > > >
> > > > - Is there some configuration to make them visible to the operator
> > > >   task board?
> > > >
> > > > - How does the "authorized signer" work?
> > > >
> > > > - What does "Trusted Signer chain validation failed" mean?
> > > >
> > > > - Finally, why do I always have "No config file found, falling back to
> > > >   default"?
> > > >
> > > > Some log information for you:
> > > >
> > > > catchall.log:
> > > > 2019/04/24 16:05:25 openxpki.application.INFO SCEP incoming request, id
> > > > 127D4B178FF0619A50DD7574DBCB7F3C
> > > > [pid=11627|sid=q2P/|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > > 2019/04/24 16:05:25 openxpki.application.INFO SCEP try to start new
> > > > workflow for 127D4B178FF0619A50DD7574DBCB7F3C
> > > > [pid=11627|sid=q2P/|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > > 2019/04/24 16:05:26 openxpki.application.INFO Rendering subject:
> > > > CN=test,DC=Test Deployment,DC=OpenXPKI,DC=org
> > > > [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > > 2019/04/24 16:05:26 openxpki.application.WARN Trusted Signer chain
> > > > validation FAILED
> > > > [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > > 2019/04/24 16:05:26 openxpki.application.INFO Trusted Signer not found
> > > > in trust list (CN=test,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU).
> > > > [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > > 2019/04/24 16:05:26 openxpki.application.INFO validate challenge using
> > > > compare validated
> > > > [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > > 2019/04/24 16:05:26 openxpki.application.INFO Eligibility check for
> > > > scep.scep-server-1.eligible.initial failed
> > > > [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > > 2019/04/24 16:05:26 openxpki.application.INFO Trigger notification
> > > > message enroll_approval_pending
> > > > [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > > 2019/04/24 16:05:27 openxpki.application.INFO SCEP started new workflow
> > > > with id 1279, state PENDING
> > > > [pid=11627|sid=q2P/|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > > 2019/04/24 16:05:27 openxpki.application.INFO SCEP 1279 in state
> > > > PENDING, send pending reply
> > > > [pid=11627|sid=q2P/|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > > 2019/04/24 16:05:38 openxpki.application.INFO SCEP incoming request, id
> > > > 127D4B178FF0619A50DD7574DBCB7F3C
> > > > [pid=11633|sid=Cvbq|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > > 2019/04/24 16:05:38 openxpki.application.INFO SCEP incoming request,
> > > > found workflow 1279, state PENDING
> > > > [pid=11633|sid=Cvbq|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > > 2019/04/24 16:05:38 openxpki.application.INFO SCEP 1279 in state
> > > > PENDING, send pending reply
> > > > [pid=11633|sid=Cvbq|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
> > > >
> > > > scep.log:
> > > > 2019/04/24 16:05:24 DEBUG:11602 Autodetect config file for service scep:
> > > > scep.conf
> > > > 2019/04/24 16:05:24 DEBUG:11602 No config file found, falling back to
> > > > default
> > > > 2019/04/24 16:05:24 INFO:11602 Incoming request from 127.0.0.1 with
> > > > PKIOperation
> > > > 2019/04/24 16:05:27 DEBUG:11602 Response send
> > > > 2019/04/24 16:05:37 DEBUG:11602 Autodetect config file for service scep:
> > > > scep.conf
> > > > 2019/04/24 16:05:37 DEBUG:11602 No config file found, falling back to
> > > > default
> > > > 2019/04/24 16:05:37 INFO:11602 Incoming request from 127.0.0.1 with
> > > > PKIOperation
> > > > 2019/04/24 16:05:38 DEBUG:11602 Response send
> > > >
> > > > workflow.log:
> > > > 2019/04/24 16:05:26 1279 Rendering subject: CN=test,DC=Test
> > > > Deployment,DC=OpenXPKI,DC=org
> > > > 2019/04/24 16:05:26 1279 Trusted Signer chain validation FAILED
> > > > 2019/04/24 16:05:26 1279 Trusted Signer not found in trust list
> > > > (CN=test,O=Internet Widgits Pty Ltd,ST=Some-State,C=AU).
> > > > 2019/04/24 16:05:26 1279 validate challenge using compare validated
> > > > 2019/04/24 16:05:26 1279 Eligibility check for
> > > > scep.scep-server-1.eligible.initial failed
> > > > 2019/04/24 16:05:26 1279 Trigger notification message
> > > > enroll_approval_pending
> > > >
> > > > Thank you for your time,
> > > > Daniel
> > > >
> > > > OpenXPKI-users mailing list
> > > > [email protected]
> > > > https://lists.sourceforge.net/lists/listinfo/openxpki-users
> > >
> > > --
> > > Protect your environment - close windows and adopt a penguin!
>
> --
> Protect your environment - close windows and adopt a penguin!
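
The mismatch resolved in this thread, as an added example that is not part of the mailing-list messages and is not OpenXPKI code: a small check that reads log lines in the quoted catchall.log format and reports pending SCEP workflows that a tasklist "query" filter would not select. It assumes the type and state filters must both match; the function names, the dict representation of the filters and the joined log lines are constructed for illustration.

```python
import re

# Lines in the catchall.log format quoted in the thread, each joined onto one line.
SAMPLE_LOG = """\
2019/04/24 16:05:26 openxpki.application.INFO Trigger notification message enroll_approval_pending [pid=11627|sid=q2P/|wftype=certificate_enroll|wfid=1279|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
2019/04/24 16:05:27 openxpki.application.INFO SCEP started new workflow with id 1279, state PENDING [pid=11627|sid=q2P/|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
2019/04/24 16:05:38 openxpki.application.INFO SCEP 1279 in state PENDING, send pending reply [pid=11633|sid=Cvbq|sceptid=127D4B178FF0619A50DD7574DBCB7F3C]
"""

# Tasklist "query" filters from the thread as Python dicts (assumed representation).
# SHIPPED combines the type Oliver names with the states Daniel posted (assumption).
STATES_POSTED = ["PENDING_APPROVAL", "PENDING_MANUAL_AUTHENTICATION", "PENDING_POLICY"]
STATES_FIXED = ["PENDING", "PENDING_POLICY_VIOLATION", "MANUAL_AUTHORIZATION"]
SHIPPED = {"type": ["enrollment"], "state": STATES_POSTED}
TYPE_ONLY_FIX = {"type": ["certificate_enroll"], "state": STATES_POSTED}
FULL_FIX = {"type": ["certificate_enroll"], "state": STATES_FIXED}

TAG_RE = re.compile(r"wftype=([^|\]]+)\|wfid=(\d+)")
PENDING_RE = re.compile(r"SCEP (\d+) in state (\w+), send pending reply")


def pending_workflows(log_text):
    """Map wfid -> (wftype, state) for workflows answered with a pending reply."""
    types, states = {}, {}
    for line in log_text.splitlines():
        tag = TAG_RE.search(line)
        if tag:
            types[tag.group(2)] = tag.group(1)
        pending = PENDING_RE.search(line)
        if pending:
            states[pending.group(1)] = pending.group(2)
    return {wfid: (types.get(wfid, "unknown"), state) for wfid, state in states.items()}


def hidden_from_tasklist(workflows, query):
    """Workflow ids the tasklist query does not select (type AND state must match)."""
    return sorted(
        wfid for wfid, (wftype, state) in workflows.items()
        if wftype not in query["type"] or state not in query["state"]
    )


if __name__ == "__main__":
    found = pending_workflows(SAMPLE_LOG)
    for name, query in [("shipped", SHIPPED), ("type only", TYPE_ONLY_FIX), ("type + state", FULL_FIX)]:
        print(f"{name:13} hidden pending workflows: {hidden_from_tasklist(found, query)}")
```

Run against a real catchall.log, a non-empty result for the deployed filter means certificate requests are waiting for approval where no operator will see them in the task view.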
