Just saw the contents of /var/log/openxpki/scep.log. It shows following alert if an SCEP request is received
*2020/06/29 11:03:00 DEBUG:2258 Autodetect config file for service scep: scep.conf2020/06/29 11:03:00 DEBUG:2258 No config file found, falling back to default2020/06/29 11:03:00 INFO:2258 Incoming request from 127.0.0.1 with PKIOperation2020/06/29 11:03:00 DEBUG:2258 Response send* A config file is placed at /etc/opemxpki/scep/default.conf with following contents. ********************************************************************* [global] log_config = /etc/openxpki/scep/log.conf log_facility = client.scep service=LibSCEP socket=/var/openxpki/openxpki.socket realm=democa iprange=0.0.0.0/0 servername=generic encryption_algorithm=3DES hash_algorithm=SHA256 ********************************************************************* On Mon, Jun 29, 2020 at 9:34 PM Om Parkash <[email protected]> wrote: > Hi, > > I tried to modify the file > /etc/openxpki/config.d/realm/democa/scep/generic.yaml to modify the > parameters > > *approval_points : 0 // if you set it to "0", all authenticated > requests are auto-approved!* > > *allow_man_approv : 0 * *// If not auto-approved, allow operator to add > approval by hand* > > Then I restarted the openxpkictl daemon but the SCEP request is not > auto-approved. > > Guide me if I am doing something wrong or missing something > > Om Parkash > > On Mon, Jun 29, 2020 at 8:10 PM Siekmann, Marco < > [email protected]> wrote: > >> Hi Om, >> >> >> >> you need to approve the request in the ui now. As far as I remember that, >> this can be found under workflow search. >> >> There are config options to automatic approve request. >> >> Take a look at the scep.config file. >> >> >> >> Kind regards >> >> >> >> Marco >> >> >> >> *Von:* Om Parkash <[email protected]> >> *Gesendet:* Montag, 29. Juni 2020 16:38 >> *An:* [email protected] >> *Betreff:* [OpenXPKI-users] PENDING response from OpenXPKI SCEP service. >> >> >> >> Hi, >> >> >> >> When i try to enroll a certificate from SCEP service via the command >> >> >> >> *sscep enroll -u **http://localhost/scep/scep/* >> <http://localhost/scep/scep/>* -k priv.key -r test.csr -l test.crt -c >> ca.crt-0 -t 120* >> >> >> >> It shows the pending status as follows. >> >> >> >> >> >> >> *sscep: sending certificate request sscep: valid response from server >> sscep: reply transaction id: B47BEBCE88EEEE9DE96375A9EC1F8D98 sscep: >> pkistatus: PENDING* >> >> >> >> SCEP requests because they mostly occur from network devices and can >> occur any time. Does OpenXPKI support auto enrollment for SCEP requests? >> >> >> >> Regards >> >> Om Parkash >> _______________________________________________ >> OpenXPKI-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/openxpki-users >> >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
