I’m using the dime/openxpki container that I had modified to get running. It’s using version 1.20.1 of OpenXPKI.
When I try and use the docker container from the current github OpenXPKI docker folder (after cloning the openxpki-config docker branch per the readme) the docker_openxpki-server_1 container gets stuck in an exit with code 2 loop, restarts, and exits again over and over until I kill the container. If I go to the webgui I get “Unknown application error,” I assume because the server keeps exiting and restarting. —Jim On May 2, 2019 at 10:55:33 PM, Oliver Welter ([email protected]) wrote: Jim, what container are you using and what version of OpenXPKI is installed? This does not sound like a recent container as we have replaced Crypt::OpenSSL::RSA some month ago and the API call below is using the legacy API... Oliver Am 03.05.19 um 01:18 schrieb Jim Titus: > Turns out the Perl library wasn’t installed. Now I get this error in the > EST log when submitting a CSR: > > 2019/05/02 21:27:47 ERROR:115 The following parameter was passed in the > call to OpenXPKI::Server::API::__ANON__ but was not listed in the > validation options: limit > 2019/05/02 21:27:47 TRACE:115 $VAR1 = { > 'LIST' => [ > { > 'PARAMS' => { > '__ERROR__' => 'The following > parameter was passed in the call to OpenXPKI::Server::API::__ANON__ but > was not listed in the validation options: limit > ', > '__CALL__' => > 'search_workflow_instances' > }, > 'LABEL' => > 'I18N_OPENXPKI_SERVER_API_INVALID_PARAMETER' > } > ], > 'SERVICE_MSG' => 'ERROR' > }; > > > On May 2, 2019 at 2:16:50 PM, Jim Titus ([email protected] > <mailto:[email protected]>) wrote: > >> Thanks Oliver. I got the Docker image working but now I’m getting an >> error when I try to do a simple enroll via EST. >> >> The EST log says "Unable to parse PKCS10: Unable to load >> Crypt::OpenSSL::RSA” >> >> But if I use the webgui to submit the request and upload the same CSR >> it works fine. Something buggy in the EST CGI but I’m not sure where >> to look. >> >> —Jim >> >> >> On May 1, 2019 at 11:02:54 PM, Oliver Welter ([email protected] >> <mailto:[email protected]>) wrote: >> >>> Hi Jim, >>> >>> the response is a base64 encoded PKCS7 structure - so to get the >>> certificates from the response this would be a good starting point: >>> >>> wget https://oxi-ee-demo.whiterabbitsecurity.com/.well-known/est/cacerts >>> -O - | base64 -d | openssl pkcs7 -inform der -print_certs >>> >>> I dont know this container project but after having a quick look it >>> looks like there is no HTTPS Setup which is required to make EST work >>> (at least if you want to use it with TLS Authentication). >>> >>> You might also consider to use the docker builds from the project (be >>> warned that this is considered beta): >>> https://github.com/openxpki/openxpki/tree/develop/docker >>> >>> Oliver >>> >>> Am 01.05.19 um 20:40 schrieb Jim Titus: >>> > I’m trying to get EST working in a Docker container (started with dime’s >>> > OpenXPKI image from Docker Hub). To test, I’m using the syntax from the >>> > Cisco test server site (with the appropriate changes for my server of >>> > course). When I request the server certs via EST I get a base64 >>> > response, but there is no BEGIN and END, just the base64 text. When >>> > converting it to PEM format (again using the syntax from the Cisco test >>> > site) I get this error: >>> > >>> > 4612744812:error:0D07207B:asn1 encoding routines:ASN1_get_object:header >>> > too long:asn1_lib.c:157: >>> > >>> > Any ideas? >>> > >>> > —Jim >>> > >>> > >>> > >>> > _______________________________________________ >>> > OpenXPKI-users mailing list >>> > [email protected] >>> <mailto:[email protected]> >>> > https://lists.sourceforge.net/lists/listinfo/openxpki-users >>> > >>> >>> >>> -- >>> Protect your environment - close windows and adopt a penguin! >>> >>> _______________________________________________ >>> OpenXPKI-users mailing list >>> [email protected] >>> <mailto:[email protected]> >>> https://lists.sourceforge.net/lists/listinfo/openxpki-users > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin! _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
