Am 03.05.19 um 19:00 schrieb Jim Titus: > I’m using the dime/openxpki container that I had modified to get > running. It’s using version 1.20.1 of OpenXPKI. > EST is not really usable in 1.x and we no longer support this so you are wasting your time...
> When I try and use the docker container from the current github OpenXPKI > docker folder (after cloning the openxpki-config docker branch per the > readme) the docker_openxpki-server_1 container gets stuck in an exit > with code 2 loop, restarts, and exits again over and over until I kill > the container. If I go to the webgui I get “Unknown application error,” > I assume because the server keeps exiting and restarting. I just tried a fresh checkout and it works for me - if might take some time till the database is created, try to remove the "restart: always" from the docker-compose and try to restart by hand once the DB is up. Note that the container comes without tokens and without SSL setup so there is some work to do, it might be better to use the vagrant boxes or bootstrap a "real" debian VM using the quickstart manual. Oliver > —Jim > > > On May 2, 2019 at 10:55:33 PM, Oliver Welter ([email protected] > <mailto:[email protected]>) wrote: > >> Jim, what container are you using and what version of OpenXPKI is >> installed? This does not sound like a recent container as we have >> replaced Crypt::OpenSSL::RSA some month ago and the API call below is >> using the legacy API... >> >> Oliver >> >> Am 03.05.19 um 01:18 schrieb Jim Titus: >> > Turns out the Perl library wasn’t installed. Now I get this error in the >> > EST log when submitting a CSR: >> > >> > 2019/05/02 21:27:47 ERROR:115 The following parameter was passed in the >> > call to OpenXPKI::Server::API::__ANON__ but was not listed in the >> > validation options: limit >> > 2019/05/02 21:27:47 TRACE:115 $VAR1 = { >> > 'LIST' => [ >> > { >> > 'PARAMS' => { >> > '__ERROR__' => 'The following >> > parameter was passed in the call to OpenXPKI::Server::API::__ANON__ but >> > was not listed in the validation options: limit >> > ', >> > '__CALL__' => >> > 'search_workflow_instances' >> > }, >> > 'LABEL' => >> > 'I18N_OPENXPKI_SERVER_API_INVALID_PARAMETER' >> > } >> > ], >> > 'SERVICE_MSG' => 'ERROR' >> > }; >> > >> > >> > On May 2, 2019 at 2:16:50 PM, Jim Titus ([email protected] >> > <mailto:[email protected]> >> > <mailto:[email protected] <mailto:[email protected]>>) wrote: >> > >> >> Thanks Oliver. I got the Docker image working but now I’m getting an >> >> error when I try to do a simple enroll via EST. >> >> >> >> The EST log says "Unable to parse PKCS10: Unable to load >> >> Crypt::OpenSSL::RSA” >> >> >> >> But if I use the webgui to submit the request and upload the same CSR >> >> it works fine. Something buggy in the EST CGI but I’m not sure where >> >> to look. >> >> >> >> —Jim >> >> >> >> >> >> On May 1, 2019 at 11:02:54 PM, Oliver Welter ([email protected] >> >> <mailto:[email protected]> >> >> <mailto:[email protected] <mailto:[email protected]>>) wrote: >> >> >> >>> Hi Jim, >> >>> >> >>> the response is a base64 encoded PKCS7 structure - so to get the >> >>> certificates from the response this would be a good starting point: >> >>> >> >>> wget https://oxi-ee-demo.whiterabbitsecurity.com/.well-known/est/cacerts >> >>> -O - | base64 -d | openssl pkcs7 -inform der -print_certs >> >>> >> >>> I dont know this container project but after having a quick look it >> >>> looks like there is no HTTPS Setup which is required to make EST work >> >>> (at least if you want to use it with TLS Authentication). >> >>> >> >>> You might also consider to use the docker builds from the project (be >> >>> warned that this is considered beta): >> >>> https://github.com/openxpki/openxpki/tree/develop/docker >> >>> >> >>> Oliver >> >>> >> >>> Am 01.05.19 um 20:40 schrieb Jim Titus: >> >>> > I’m trying to get EST working in a Docker container (started with >> >>> > dime’s >> >>> > OpenXPKI image from Docker Hub). To test, I’m using the syntax from the >> >>> > Cisco test server site (with the appropriate changes for my server of >> >>> > course). When I request the server certs via EST I get a base64 >> >>> > response, but there is no BEGIN and END, just the base64 text. When >> >>> > converting it to PEM format (again using the syntax from the Cisco test >> >>> > site) I get this error: >> >>> > >> >>> > 4612744812:error:0D07207B:asn1 encoding routines:ASN1_get_object:header >> >>> > too long:asn1_lib.c:157: >> >>> > >> >>> > Any ideas? >> >>> > >> >>> > —Jim >> >>> > >> >>> > >> >>> > >> >>> > _______________________________________________ >> >>> > OpenXPKI-users mailing list >> >>> > [email protected] >> <mailto:[email protected]> >> >>> <mailto:[email protected] >> <mailto:[email protected]>> >> >>> > https://lists.sourceforge.net/lists/listinfo/openxpki-users >> >>> > >> >>> >> >>> >> >>> -- >> >>> Protect your environment - close windows and adopt a penguin! >> >>> >> >>> _______________________________________________ >> >>> OpenXPKI-users mailing list >> >>> [email protected] >> <mailto:[email protected]> >> >>> <mailto:[email protected] >> <mailto:[email protected]>> >> >>> https://lists.sourceforge.net/lists/listinfo/openxpki-users >> > >> > >> > _______________________________________________ >> > OpenXPKI-users mailing list >> > [email protected] >> <mailto:[email protected]> >> > https://lists.sourceforge.net/lists/listinfo/openxpki-users >> > >> >> >> -- >> Protect your environment - close windows and adopt a penguin! >> >> _______________________________________________ >> OpenXPKI-users mailing list >> [email protected] >> <mailto:[email protected]> >> https://lists.sourceforge.net/lists/listinfo/openxpki-users > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
