Hi, the search only looks for end entity certificates issued by the particular realm, if you want to have another behaviour you need to modify the workflow and pass other parameters to the SeachCertificate activity.
Oliver Am 17.05.19 um 15:11 schrieb Paul Schaefer: > Hello, > > When using the SearchCertificate RPC endpoint I'd like to be able to > retrieve the certificates imported on install with `openxpkiadm > certificate import`. > > Unfortunately, the database query generated in > Server/API2/Plugin/Cert/search_cert.pm:444 queries the certificate table > for certificates whose subject starts with a common name passed as > parameter. > > I'm querying the RPC endpoint as follows: > > curl -F "method=SearchCertificate" \ > -F "common_name=My Root CA" \ > http://10.164.7.218/rpc > > And the parameters generated are: > > 2019/05/17 13:34:31 INFO params are: $VAR1 = { > 'columns' => [ > 'certificate.*' > ], > 'from' => 'certificate', > 'where' => { > 'certificate.notbefore' => { > '<' => 1558092871 > }, > 'certificate.pki_realm' => 'ca-one', > 'certificate.subject' => { > '-like' => 'CN=My Root CA,%' > > } > } > }; > > For certificates generated by OpenXPKI that behavior works (at least in > my case) as the subject stored in the database always begins with the > CN. The subjects of the certificates imported by `openxpkiadm > certificate import` during installation, however, start with the field > organization unit (OU=) in the database. > > Is there any other solution to obtain the signing and root certificates > using the RPC api? Am I missing something or is the behavior I am > experiencing a bug? > > Thank you for your time and the awesome work done so far. > > Paul > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
