Turns out the Perl library wasn’t installed. Now I get this error in the
EST log when submitting a CSR:
2019/05/02 21:27:47 ERROR:115 The following parameter was passed in the
call to OpenXPKI::Server::API::__ANON__ but was not listed in the
validation options: limit
2019/05/02 21:27:47 TRACE:115 $VAR1 = {
'LIST' => [
{
'PARAMS' => {
'__ERROR__' => 'The following
parameter was passed in the call to OpenXPKI::Server::API::__ANON__ but was
not listed in the validation options: limit
',
'__CALL__' =>
'search_workflow_instances'
},
'LABEL' =>
'I18N_OPENXPKI_SERVER_API_INVALID_PARAMETER'
}
],
'SERVICE_MSG' => 'ERROR'
};
On May 2, 2019 at 2:16:50 PM, Jim Titus ([email protected]) wrote:
Thanks Oliver. I got the Docker image working but now I’m getting an error
when I try to do a simple enroll via EST.
The EST log says "Unable to parse PKCS10: Unable to load
Crypt::OpenSSL::RSA”
But if I use the webgui to submit the request and upload the same CSR it
works fine. Something buggy in the EST CGI but I’m not sure where to look.
—Jim
On May 1, 2019 at 11:02:54 PM, Oliver Welter ([email protected]) wrote:
Hi Jim,
the response is a base64 encoded PKCS7 structure - so to get the
certificates from the response this would be a good starting point:
wget https://oxi-ee-demo.whiterabbitsecurity.com/.well-known/est/cacerts
-O - | base64 -d | openssl pkcs7 -inform der -print_certs
I dont know this container project but after having a quick look it
looks like there is no HTTPS Setup which is required to make EST work
(at least if you want to use it with TLS Authentication).
You might also consider to use the docker builds from the project (be
warned that this is considered beta):
https://github.com/openxpki/openxpki/tree/develop/docker
Oliver
Am 01.05.19 um 20:40 schrieb Jim Titus:
> I’m trying to get EST working in a Docker container (started with dime’s
> OpenXPKI image from Docker Hub). To test, I’m using the syntax from the
> Cisco test server site (with the appropriate changes for my server of
> course). When I request the server certs via EST I get a base64
> response, but there is no BEGIN and END, just the base64 text. When
> converting it to PEM format (again using the syntax from the Cisco test
> site) I get this error:
>
> 4612744812:error:0D07207B:asn1 encoding routines:ASN1_get_object:header
> too long:asn1_lib.c:157:
>
> Any ideas?
>
> —Jim
>
>
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
