Hi,

I am stuck testing autorenew of SCEP-requested certificates.

This is my initial enrollment with certmonger:

```
getcert request -c openxpki -f $certfolder/nginx2.crt -k $keyfolder/nginx2.key -g 4096 -r -N cn=nginx2.domain.lan -v -w -L SecretChallenge
```

On the client side, Certmonger is aware that the certificate will not be valid after 2022-02-14 15:03:47.

```
$ journalctl -f -t certmonger
Feb 14 14:03:52 srvlinux1.domain.lan certmonger[4515]: Certificate in file "/etc/pki/nginx/nginx4.crt" will not be valid after 2022-02-14 15:03:47 EST.
Feb 14 14:03:53 srvlinux1.domain.lan certmonger[4524]: Certificate in file "/etc/pki/nginx/nginx4.crt" issued by CA and saved.
Feb 14 15:03:58 srvlinux1.domain.lan certmonger[4713]: Certificate in file "/etc/pki/nginx/nginx4.crt" is no longer valid.
Feb 14 15:03:59 srvlinux1.domain.lan certmonger[4722]: Certificate in file "/etc/pki/nginx/nginx4.crt" issued by CA and saved.
Feb 14 15:04:04 srvlinux1.domain.lan certmonger[4723]: Certificate in file "/etc/pki/nginx/nginx4.crt" is no longer valid.
Feb 14 15:04:04 srvlinux1.domain.lan certmonger[4732]: Certificate in file "/etc/pki/nginx/nginx4.crt" issued by CA and saved.
...
```

Certmonger seems to request a renewed certificate from the SCEP server.

On the OpenXPKI side, I understand that the SCEP server finds the appropriate initial workflow (9983). But is it delivering a new certificate by telling "Delivered certificate via SCEP"? Am I supposed to see a new workflow?

```
$ tail -f catchall.log
2022/02/15 06:59:17 openxpki.application.INFO SCEP incoming request, found workflow 9983, state SUCCESS [pid=14219|sid=Np/H|sceptid=18613736623267056728949651332883552946253262284120207140875649336207099010943]
2022/02/15 06:59:17 openxpki.application.INFO Delivered certificate via SCEP (zt-Hg4zM5qYeaoWrK0u1ixdFQqU) [pid=14219|sid=Np/H|sceptid=18613736623267056728949651332883552946253262284120207140875649336207099010943]
2022/02/15 06:59:22 openxpki.application.INFO LibSCEP PKIOperation; message type: PKCSReq [pid=14221|sid=RSFS]
2022/02/15 06:59:22 openxpki.application.INFO SCEP incoming request, id 18613736623267056728949651332883552946253262284120207140875649336207099010943 [pid=14221|sid=RSFS|sceptid=18613736623267056728949651332883552946253262284120207140875649336207099010943]
2022/02/15 06:59:22 openxpki.application.INFO SCEP incoming request, found workflow 9983, state SUCCESS [pid=14221|sid=RSFS|sceptid=18613736623267056728949651332883552946253262284120207140875649336207099010943]
2022/02/15 06:59:22 openxpki.application.INFO Delivered certificate via SCEP (zt-Hg4zM5qYeaoWrK0u1ixdFQqU) [pid=14221|sid=RSFS|sceptid=18613736623267056728949651332883552946253262284120207140875649336207099010943]
2022/02/15 06:59:28 openxpki.application.INFO LibSCEP PKIOperation; message type: PKCSReq [pid=14223|sid=DG+g]
2022/02/15 06:59:28 openxpki.application.INFO SCEP incoming request, id 18613736623267056728949651332883552946253262284120207140875649336207099010943 [pid=14223|sid=DG+g|sceptid=18613736623267056728949651332883552946253262284120207140875649336207099010943]
...
```

On the client side, the expiration date is still 2022-02-14 15:03:47 and the certificate is no longer valid.

The SCEP configuration is the default one and I am using the default docker setup.

Thanks and have a nice day.

Eric
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
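
The following is an added example, not part of the post above and not OpenXPKI or certmonger code. It groups `catchall.log` entries by the `sceptid` context field and reports transaction ids that were answered more than once with the same certificate identifier, which is the pattern visible in the excerpt. It assumes the line layout shown in the post; the sample lines, transaction ids and certificate identifiers are constructed.

```python
import re
from collections import defaultdict

# Constructed sample lines in the catchall.log layout shown in the post
# (transaction ids and certificate identifiers are made up).
SAMPLE_LOG = """\
2022/02/15 06:59:17 openxpki.application.INFO SCEP incoming request, found workflow 9983, state SUCCESS [pid=101|sid=aaaa|sceptid=1111]
2022/02/15 06:59:17 openxpki.application.INFO Delivered certificate via SCEP (CERT-ID-A) [pid=101|sid=aaaa|sceptid=1111]
2022/02/15 06:59:22 openxpki.application.INFO LibSCEP PKIOperation; message type: PKCSReq [pid=102|sid=bbbb]
2022/02/15 06:59:22 openxpki.application.INFO SCEP incoming request, found workflow 9983, state SUCCESS [pid=102|sid=bbbb|sceptid=1111]
2022/02/15 06:59:22 openxpki.application.INFO Delivered certificate via SCEP (CERT-ID-A) [pid=102|sid=bbbb|sceptid=1111]
2022/02/15 07:10:00 openxpki.application.INFO SCEP incoming request, found workflow 9990, state SUCCESS [pid=103|sid=cccc|sceptid=2222]
2022/02/15 07:10:00 openxpki.application.INFO Delivered certificate via SCEP (CERT-ID-B) [pid=103|sid=cccc|sceptid=2222]
"""

LINE = re.compile(r"^(\S+ \S+) (\S+) (.*?) \[([^\]]*)\]\s*$")
WORKFLOW = re.compile(r"found workflow (\d+), state (\w+)")
DELIVERED = re.compile(r"Delivered certificate via SCEP \(([^)]+)\)")

def summarize(log_text):
    """Group workflow matches and deliveries by SCEP transaction id (sceptid)."""
    txs = defaultdict(lambda: {"workflows": set(), "deliveries": []})
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        ts, _logger, msg, ctx = m.groups()
        fields = dict(kv.split("=", 1) for kv in ctx.split("|") if "=" in kv)
        tid = fields.get("sceptid")
        if tid is None:  # e.g. the PKCSReq line, logged before the id is known
            continue
        if (w := WORKFLOW.search(msg)):
            txs[tid]["workflows"].add((w.group(1), w.group(2)))
        elif (d := DELIVERED.search(msg)):
            txs[tid]["deliveries"].append((ts, d.group(1)))
    return dict(txs)

def redelivered(txs):
    """Map sceptid -> (cert identifier, count) where one certificate was delivered repeatedly."""
    out = {}
    for tid, tx in txs.items():
        ids = [cert for _ts, cert in tx["deliveries"]]
        if len(ids) > 1 and len(set(ids)) == 1:
            out[tid] = (ids[0], len(ids))
    return out

if __name__ == "__main__":
    for tid, (cert, n) in redelivered(summarize(SAMPLE_LOG)).items():
        print(f"sceptid {tid}: certificate {cert} delivered {n} times")
```

Comparing the reported certificate identifier with the one already installed on the client shows whether a request produced a new certificate or returned the existing one.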
