Hello Guillaume,
Am 07.04.20 um 11:55 schrieb Guillaume Bour:
>
> 1. I need to have only a manual approval from the operator, but no
> authorization is required. I configured the policy in
> rpc/enroll.yaml (see below) and it works, the status is indeed
> ‘PENDING’ once I connect using the operator account. However, the
> response to my RPC request contains the following error:
> {'error_code': 'I18N_OPENXPKI_UI_ENROLLMENT_ERROR_NOT_APPROVED', ….
> } when I would expect a PENDING status. Did I configure it correctly?
>
This is intended - the "error_code" is a bit misleading. You should
check the value of "proc_state" to detect if the workflow is in a final
state.
> 2. I would expect the workflow to be almost the same when using RPC and
> the UI, but some steps are missing with my current setup: when
> submitting twice the same CSR using RPC, I don’t get any error,
> while I get a “Duplicate Key Error (Certificate)” when submitting
> the CSR again using the UI. How do I get this verification on the
> RPC interface as well?A generic duplicate key check never made it in to the upstream version of the workflow as its not that easy for the general case so we always customize this for the actual project. You can "just" copy over the used actions and checks from the UI workflow to fit your needs. > 3. I configured my entity_profile so that the issued certificates are > published to the /var/www/download directory, which works with the > UI but not with RPC. How can I achieve this? Add the "publish_certificate" action at the end if the workflow. Oliver -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
