Hi people, On Tue, 30 Jul 2019 at 18:05, Martin Bartosch <[email protected]> wrote:
> Hi, > > > OpenXPKI does support creation of EC certificates, but as the OpenSSL tool > rightly complains, EC certificates cannot be directly used to encrypt data, > they can normally only be used for Digital Signatures. The only way around > is to create static DH parameters and use these for encryption. > > You did not mention what you did to produce this error, allowing us to > reproduce this error or determine the cause of the problem. This does not > look like you requested the certificate via the GUI, I suspect you used an > enrollment interface? Could you please provide more details? > Sorry for the missing context. I am still in the very beginning first part trying to set OpenXPKI up. Therefore, still not requesting certificate via the GUI. Since OpenXPKI needs to be feed up with a Root and an Issuer certificate (and vault) generated elsewhere, maybe using command line tool like openssl or like in my case, using a tool called XCA. Following the Quickstart guide: - I imported a self signed Root certificate, then - imported a Issuing certificate (signed by the previous mentioned Root certificate) in the realm associating it with certsign token (--token certsign). Both certs with EC Keys. The logs I posted are showed up right after login on Web Interface. In other words right after: openxpki.auth.INFO Login successful using authentication stack.... in /var/log/openxpki/catchall.log I set up another realm the same way but with RSA Keys and here I get the tokens online as expected. I did not try it before as I assumed offline token should be a no go, but now I just tried to request and approve a Webserver certificate with the ca-signer-1 token offline anyway. I still did not tested the resulting certificate but the workflow state is SUCCESS :-O The vault-1 token is a self signed RSA certificate. Should I work with offline tokens ? Cheers, Jeff
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
