Hello Oliver and others,

Can you please look into this issue and give us some guidance?

Thanks & Regards,
Chandra

Chandramauli De
QA, Fleet management
STL, ISS
www.lexmark.com

From: Chandramauli De via OpenXPKI-users <[email protected]>
Sent: Monday, June 27, 2022 6:06 PM
To: [email protected]
Cc: Chandramauli De <[email protected]>
Subject: [OpenXPKI-users] Need help for client cert authentication of openxpki EST server

Hello everyone,

We've configured an openxpki EST server. It has the following config for client cert auth in stack.yaml & handler.yaml. Still, if we provide any wrong certificate in our application, certificate enrollment is successful. Whereas if we use testrfc7030.com, then in our application, certificate enrollment is NOT successful.

Is there any problem in the config and, if yes, can you please help us where we need to change w.r.t. the EST server configuration?

stack.yaml

    # Login with a client certificate, needs to be setup on the webserver
    Certificate:
        label: Client certificate
        description: Login using a client certificate
        handler: Certificate
        type: x509
        sign:
            # This is the public key matching the private one given in webui/default.conf
            # Use "openssl pkey -pubout" to create the required string from the private key
            key: MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE+Kd4mdLwV4bEMaKQ2aUxO4e18QAuE1k0je5i82qk0haG8b8h1VJ4SaslRa+/Nff6Mhx31yRR6RNzmjEPRgLZYw==

handler.yaml

    # Using the default config this allows a user login with ANY certificate
    # issued by the democa which has the client auth keyUsage bit set
    # the commonName is used as username!
    Certificate:
        type: ClientX509
        role: User
        arg: CN
        trust_anchor:
            realm: democa

Thanks & Regards,
Chandra

Chandramauli De
QA, Fleet management
STL, ISS
www.lexmark.com
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
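
The handler.yaml comment in the message above states the acceptance rule: any certificate issued by the realm CA with the client auth bit set, with the CN used as username. The following is an added example, not part of the original post and not OpenXPKI's own code, that approximates that rule offline with "openssl verify -purpose sslclient" on a constructed throwaway PKI, so the accept/reject outcome for a "wrong" certificate can be checked independently of any server. All file names, CA names and the CN "alice" are assumptions made for the example.

```sh
#!/bin/sh
# Constructed throwaway PKI in a temp dir; nothing here talks to a real server.
set -eu
LAB=$(mktemp -d)
trap 'rm -rf "$LAB"' EXIT

# Minimal config so the run does not depend on the system openssl.cnf.
cat > "$LAB/ca.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign
EOF

make_ca() {        # $1 = file prefix, $2 = CA common name
  openssl req -x509 -newkey rsa:2048 -nodes -days 2 -config "$LAB/ca.cnf" \
    -subj "/CN=$2" -keyout "$LAB/$1.key" -out "$LAB/$1.pem" 2>/dev/null
}

issue_cert() {     # $1 = issuing CA prefix, $2 = cert prefix, $3 = CN, $4 = EKU
  printf 'extendedKeyUsage = %s\n' "$4" > "$LAB/$2.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$LAB/ca.cnf" \
    -subj "/CN=$3" -keyout "$LAB/$2.key" -out "$LAB/$2.csr" 2>/dev/null
  openssl x509 -req -in "$LAB/$2.csr" -CA "$LAB/$1.pem" -CAkey "$LAB/$1.key" \
    -CAcreateserial -days 1 -extfile "$LAB/$2.ext" -out "$LAB/$2.pem" 2>/dev/null
}

check_client() {   # $1 = trust anchor prefix, $2 = cert prefix
  if openssl verify -purpose sslclient -CAfile "$LAB/$1.pem" \
       "$LAB/$2.pem" >/dev/null 2>&1; then
    # Only after the chain and purpose checks pass is the CN taken as username.
    cn=$(openssl x509 -in "$LAB/$2.pem" -noout -subject -nameopt multiline |
         sed -n 's/^ *commonName *= *//p')
    echo "ACCEPT $cn"
  else
    echo "REJECT"
  fi
}

make_ca realm "Constructed Realm CA"
make_ca other "Constructed Unrelated CA"
issue_cert realm good  alice clientAuth   # issued by the trust anchor
issue_cert other wrong alice clientAuth   # same CN, different issuer
issue_cert realm web   alice serverAuth   # right issuer, wrong purpose
for c in good wrong web; do echo "$c: $(check_client realm "$c")"; done
```

If a certificate that this check rejects still enrolls against a server, the request is not passing through a check of this kind on that path.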
