Hello Enrqiue, thats intended behaviour - the default configuration expects an "on behalf" request authenticated with a TLS signer certificate. Using Basic Auth is not supported at the moment.
Please see this - very detailed - documentation of the enrollment workflow and its configuration: https://openxpki.readthedocs.io/en/latest/reference/configuration/workflows/enroll.html There is also a section for a "sign all" testdrive configuration https://openxpki.readthedocs.io/en/latest/reference/configuration/workflows/enroll.html#test-drive-insecure best regards Oliver Am 01.09.20 um 16:12 schrieb Cano Carballar, Enrique (GE Digital): > Hi! > > > > I’ve got openxpki running with docker-composer, pretty much following > the instructions as described here: > https://github.com/openxpki/openxpki-docker. > > I’m trying to use the EST protocol to sign a certificate request, and > I’m using the following URL: > > curl -k -v https://localhost:8443/.well-known/est/simpleenroll -s -o > cert.p7 --data-binary @req.p10 -H "Content-Type: application/pkcs10" > > > > But instead of the certificate, I’m getting this error message: > > $ cat cert.p7 > > Request was rejected: I18N_OPENXPKI_UI_ENROLLMENT_ERROR_NOT_AUTHENTICATED > > > > My questions are: > > 1. Do I need to create a user and send username and password using > basic authentication? > 2. Do I need to use a client certificate instead? > 3. Can I accept anonymous requests for testing purposes? > > > > Many thanks in advance > > > > Enrique > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin! _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
