Hi Scotty, I am new to OpenXPKI and still learning, so my experience is very limited.
I have not used SCEP, have only tried EST with custom configuration. My changes are mostly related to SAN field, but it is likely similar to what you need to do. I think you need to create a CSR with all subject fields included (title, serialNumber, etc), modify the “enroll” style of the profile (default is tls_server.yaml) to include these fields. In my case, I need to switch to use “user_auth_enc.yaml” and found “enroll” style is missing in this file. After I added it, I was able to use EST to enroll. Hope this information can help you. Cheers, Lixin From: Scott Thomas via OpenXPKI-users <openxpki-users@lists.sourceforge.net> Reply-To: "openxpki-users@lists.sourceforge.net" <openxpki-users@lists.sourceforge.net> Date: Sunday, February 12, 2023 at 10:47 PM To: OpenXPKI Users Mailing List <openxpki-users@lists.sourceforge.net> Cc: Scott Thomas <scott_thomas...@yahoo.com> Subject: [OpenXPKI-users] Missing attributes in cert request via SCEP Bonjour, I have added some custom attributes like serialNumber & title in the subject. I am able to input the fileds from UI and generate cert successfully. But when i request same thing from SCEP, it fails and doesn't accept the attributes. sscep show error "Transaction not permitted or supported". The /var/log/workflow.log shows "serialNumber=,title=" no attributes. Kindly help. Cheers Scotty
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users