Re: [OpenXPKI-users] Need help to make openxpki scep 2.5.5 work in auto approval mode

[Oliver Welter]

Hi Chandra,

the approval looks fines but your policy section is missing so I can not 
tell you where it hangs - does it go into "PENDING" or is it stuck in 
"MANUAL AUTHENTICATION"? You are likely missing the "authentication" 
step - check the docs for the enrollment workflow.

Besides you should upgrade to 3.x - the 2.5 branch is no longer mainteined.

Oliver

On 03.11.22 11:50, Chandramauli De via OpenXPKI-users wrote:

Hello everyone,

Pl find below the content (excerpt) of the generic.yaml of the 
openxpki scep 2.5.5. *I want to make openxpki work in auto-approval 
mode*. Currently it’s going for manual approval. Can u pl help me 
what’s going wrong here:

profile:

  cert_profile: I18N_OPENXPKI_PROFILE_TLS_SERVER

  cert_subject_style: enroll

# Mapping of names to OpenXPKI profiles to be used with the

# Microsoft Certificate Template Name Ext. (1.3.6.1.4.1.311.20.2)

profile_map:

    pc-client: I18N_OPENXPKI_PROFILE_TLS_CLIENT

# HMAC based authentication

hmac: verysecret

challenge:

    value: SecretChallenge

eligible:

    initial:

       value: 1

       # value@: connector:scep.scep-server-1.connector.initial

       # args: '[% context.cert_subject_parts.CN.0 %]'

       # expect:

       #  - Build

       #  - New

    renewal:

       value: 1

connector:

    initial:

        class: Connector::Proxy::YAML

        # this file must have a key/value list with the key being

        # the subject and the value being a true value

        # e.g. "pc1234.example.org: 1"

        LOCATION: /home/pkiadm/cmdb.yaml

Thanks & Regards,
Chandra


*Chandramauli De*
QA, Fleet management

STL, ISS

http://www.lexmark.com/common/images/email/lexmark-logo-email-signature.png 
<https://nam11.safelinks.protection.outlook.com/?url=http%3A%2F%2Fwww.lexmark.com%2F&data=04%7C01%7Cheather.henley%40lexmark.com%7Cae5eb35646f344334e4c08d8ee023b6e%7C127090656e6c41c99e4dfb0a436969ce%7C1%7C0%7C637521040645785536%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C1000&sdata=sr%2Bw4EEmMZPexRDBAYLsirn0QDIupP27eMq9c708gB8%3D&reserved=0>
www.lexmark.com



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

--
Protect your environment -  close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users