Hi Scotty, I am new to OpenXPKI and still learning, so my experience is very limited.
I have not used SCEP, have only tried EST with custom configuration. My changes are mostly related to SAN field, but it is likely similar to what you need to do. I think you need to create a CSR with all subject fields included (title, serialNumber, etc), modify the “enroll” style of the profile (default is tls_server.yaml) to include these fields. In my case, I need to switch to use “user_auth_enc.yaml” and found “enroll” style is missing in this file. After I added it, I was able to use EST to enroll. Hope this information can help you. Cheers, Lixin From: Scott Thomas via OpenXPKI-users <[email protected]> Reply-To: "[email protected]" <[email protected]> Date: Sunday, February 12, 2023 at 10:47 PM To: OpenXPKI Users Mailing List <[email protected]> Cc: Scott Thomas <[email protected]> Subject: [OpenXPKI-users] Missing attributes in cert request via SCEP Bonjour, I have added some custom attributes like serialNumber & title in the subject. I am able to input the fileds from UI and generate cert successfully. But when i request same thing from SCEP, it fails and doesn't accept the attributes. sscep show error "Transaction not permitted or supported". The /var/log/workflow.log shows "serialNumber=,title=" no attributes. Kindly help. Cheers Scotty
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
