Jim, what container are you using and what version of OpenXPKI is installed? This does not sound like a recent container as we have replaced Crypt::OpenSSL::RSA some month ago and the API call below is using the legacy API...
Oliver
Am 03.05.19 um 01:18 schrieb Jim Titus:
> Turns out the Perl library wasn’t installed. Now I get this error in the
> EST log when submitting a CSR:
>
> 2019/05/02 21:27:47 ERROR:115 The following parameter was passed in the
> call to OpenXPKI::Server::API::__ANON__ but was not listed in the
> validation options: limit
> 2019/05/02 21:27:47 TRACE:115 $VAR1 = {
> 'LIST' => [
> {
> 'PARAMS' => {
> '__ERROR__' => 'The following
> parameter was passed in the call to OpenXPKI::Server::API::__ANON__ but
> was not listed in the validation options: limit
> ',
> '__CALL__' =>
> 'search_workflow_instances'
> },
> 'LABEL' =>
> 'I18N_OPENXPKI_SERVER_API_INVALID_PARAMETER'
> }
> ],
> 'SERVICE_MSG' => 'ERROR'
> };
>
>
> On May 2, 2019 at 2:16:50 PM, Jim Titus ([email protected]
> <mailto:[email protected]>) wrote:
>
>> Thanks Oliver. I got the Docker image working but now I’m getting an
>> error when I try to do a simple enroll via EST.
>>
>> The EST log says "Unable to parse PKCS10: Unable to load
>> Crypt::OpenSSL::RSA”
>>
>> But if I use the webgui to submit the request and upload the same CSR
>> it works fine. Something buggy in the EST CGI but I’m not sure where
>> to look.
>>
>> —Jim
>>
>>
>> On May 1, 2019 at 11:02:54 PM, Oliver Welter ([email protected]
>> <mailto:[email protected]>) wrote:
>>
>>> Hi Jim,
>>>
>>> the response is a base64 encoded PKCS7 structure - so to get the
>>> certificates from the response this would be a good starting point:
>>>
>>> wget https://oxi-ee-demo.whiterabbitsecurity.com/.well-known/est/cacerts
>>> -O - | base64 -d | openssl pkcs7 -inform der -print_certs
>>>
>>> I dont know this container project but after having a quick look it
>>> looks like there is no HTTPS Setup which is required to make EST work
>>> (at least if you want to use it with TLS Authentication).
>>>
>>> You might also consider to use the docker builds from the project (be
>>> warned that this is considered beta):
>>> https://github.com/openxpki/openxpki/tree/develop/docker
>>>
>>> Oliver
>>>
>>> Am 01.05.19 um 20:40 schrieb Jim Titus:
>>> > I’m trying to get EST working in a Docker container (started with dime’s
>>> > OpenXPKI image from Docker Hub). To test, I’m using the syntax from the
>>> > Cisco test server site (with the appropriate changes for my server of
>>> > course). When I request the server certs via EST I get a base64
>>> > response, but there is no BEGIN and END, just the base64 text. When
>>> > converting it to PEM format (again using the syntax from the Cisco test
>>> > site) I get this error:
>>> >
>>> > 4612744812:error:0D07207B:asn1 encoding routines:ASN1_get_object:header
>>> > too long:asn1_lib.c:157:
>>> >
>>> > Any ideas?
>>> >
>>> > —Jim
>>> >
>>> >
>>> >
>>> > _______________________________________________
>>> > OpenXPKI-users mailing list
>>> > [email protected]
>>> <mailto:[email protected]>
>>> > https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>> >
>>>
>>>
>>> --
>>> Protect your environment - close windows and adopt a penguin!
>>>
>>> _______________________________________________
>>> OpenXPKI-users mailing list
>>> [email protected]
>>> <mailto:[email protected]>
>>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
--
Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
