Hello everyone,

I am currently trying my best with OpenXPKI. More precisely, I want to use EST to automatically issue or renew certificates. Regarding the deployment, I have made use of the docker resource and the shell script "sampleconfig.sh". So far so good.

I have made some adjustments to the file "est/default.yaml". I have modified the following:

    allow_anon_enroll: 0
    approval_points: 0

This should allow only authenticated EST queries to get through and then be processed automatically.

Now I have created a keypair using OpenSSL:

> openssl req -new -newkey rsa:2048 -nodes -subj "/CN=tls cert" -keyout tls.key -out tls.csr

I then used the generated "tls.csr" and the Web-GUI to create a certificate ("tls.crt") in PEM format (Certificate Profile: TLS Client; Application Name: pkiclient).

Now I have created another keypair:

> openssl req -new -newkey rsa:2048 -nodes -subj "/CN=test cert" -keyout test.key -outform der -out - | base64 > test.pem

The next thing I'm trying to do is make an authenticated EST query using Curl and the artifacts I've created:

> curl -v -k -H "Content-Type: application/pkcs10" --data @test.pem --key tls.key --cert tls.crt https://localhost:8443/.well-known/est/simpleenroll -o device.b64

My problem is that the file "device.b64" does not contain the certificate, but:

    Request was rejected: I18N_OPENXPKI_UI_ENROLLMENT_ERROR_NOT_AUTHENTICATED

I don't know if it helps, but in "var/log/openxpki/openxpki.log" the following entry occurs after the Curl command:

    2021/08/09 13:09:58 INFO Login successful (user: Anonymous, role: System) [pid=711|sid=IKeI]

There is something I seem to be doing wrong or overlooking regarding the authentication...

I am very grateful for any help!

Best regards / Kind regards
rkrahl

_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users