Hi,

EST expects the PEM encoded payload WITHOUT the headers - either use "-outform der | base64 -w0" or remove the headers using sed/awk. You also have to set the proper Content-Type header - there is a working example at https://openxpki.readthedocs.io/en/latest/subsystems/est.html

Oliver

On 03.03.23 10:57, 加茂 智之 wrote:
Hi.

I'm trying to request a certificate by RPC, but it failed.
What's wrong?


$ openssl genrsa 2048 >client.key
$ openssl req -new -key client.key -subj "/C=JP/ST=Tokyo/L=Minato-ku/O=Example Com/CN=test33.example.com" -outform PEM >client.pem
$ curl -k --data "method=RequestCertificate" --data "profile= tls_client" --data "pkcs10=$(cat client.pem)" https://127.0.0.1/rpc/enroll/; echo
{"error":{"code":40003,"message":"Wrong input values: PKCS10 request can not be read","data":{"fields":[],"pid":2810}}}
$ sudo tail -1 /var/log/openxpki/workflows.log
2023/03/03 09:46:15 30719 Invalid PKCS#10 request (Invalid base64 encoding)
$ cat client.pem
-----BEGIN CERTIFICATE REQUEST-----
MIICqTCCAZECAQAwZDELMAkGA1UEBhMCSlAxDjAMBgNVBAgMBVRva3lvMRIwEAYD
VQQHDAlNaW5hdG8ta3UxFDASBgNVBAoMC0V4YW1wbGUgQ29tMRswGQYDVQQDDBJ0
ZXN0MzMuZXhhbXBsZS5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIB
AQCZxfxf+0BMifDC2dqBnXk2+HzKPbr4vhSrZTjyBf7qvUXJ8OuYNuEwJ67sj+Sq
OnVLypo2quULdZ+jgJeRO7rbfqannojl3ioO51N84odYiYrbRWNpCVYtb/7st/Xp
4bJdMYpfPTfXaiQ6jk4DFT70R51YPuIX0wRaAjMlJAstx65eFQR0Xlgurks7ObZW
/eiCJxgmMpr5zYUGBtvKbKE8elChWLp1MthyY6QQOgFVU4tsvw8ezKxwxjyo9gnW
ViBCDWieXxDd7wNBbM0VHoxpRJIt6ADOYEPE+oAsvI2OM4qqvD4X/vacor348kiB
ht5cStTN9xR6uJXbXvmDE/aPAgMBAAGgADANBgkqhkiG9w0BAQsFAAOCAQEAhK8m
acE6BVX7CsS6k5bqwXlX8WEmainuwHzX1nTZBMV7ijKPUGdFlfQkye8yNf8Z7sW6
VuFDxSIR0jR1xshFVK13NH9CdGtdbIIrD5aKS7EJ9AcxhTvlid43ezudo8uWpKCv
V6IDER9OS4uQl+HTiLaIkY5BfPPQ2h9U36T9/NxFYEXxrfPtc68dLYbbVaGrStv+
KJP2hPEezy6lRL+DHjQbA/MdGZJZUQ6WHHe8O+MBhe4cMZK8b92ZtTgN7QmeuRRs
ubj7ZX1XkT3L5Lfnate+7CKC9nGEyTlx5KTlAz803HfYG71f1oMf3gj9hlhkeBJG
oRJUEvhr6e6WAdHeyQ==
-----END CERTIFICATE REQUEST-----
$


--
Protect your environment -  close windows and adopt a penguin!
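
An added example (not part of the original messages and not OpenXPKI's own code): a shell function for the header-removal step mentioned in the reply. It joins the base64 lines of a PEM CSR into one line and checks that the result decodes. The function names, the sample bytes and the `<EST-ENROLL-URL>` placeholder are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: PEM CSR -> header-less, single-line base64 body.

# Constructed sample payload: arbitrary bytes, NOT a real PKCS#10 request.
SAMPLE_BYTES='constructed sample bytes, not a real PKCS#10 structure, long enough to wrap'

# make_sample FILE: wrap SAMPLE_BYTES like a PEM CSR (base64 wraps at 76 columns).
make_sample() {
    {
        echo "-----BEGIN CERTIFICATE REQUEST-----"
        printf '%s' "$SAMPLE_BYTES" | base64
        echo "-----END CERTIFICATE REQUEST-----"
    } >"$1"
}

# pem_body FILE: print the base64 between the CSR markers as one line.
# Fails if there is not exactly one BEGIN/END pair, if the body is empty,
# or if the body does not decode as base64.
pem_body() {
    body=$(awk '
        /^-----BEGIN (NEW )?CERTIFICATE REQUEST-----/ { inside = 1; found++; next }
        /^-----END (NEW )?CERTIFICATE REQUEST-----/   { inside = 0; closed++; next }
        inside { gsub(/[ \t\r]/, ""); printf "%s", $0 }
        END { if (found != 1 || closed != 1) exit 1 }
    ' "$1") || { echo "pem_body: expected exactly one CSR block in $1" >&2; return 1; }
    [ -n "$body" ] || { echo "pem_body: empty body in $1" >&2; return 1; }
    printf '%s' "$body" | base64 -d >/dev/null 2>&1 ||
        { echo "pem_body: body of $1 is not valid base64" >&2; return 1; }
    printf '%s\n' "$body"
}

# Usage sketch (RFC 7030 simpleenroll takes this body with
# Content-Type: application/pkcs10; the URL is a placeholder):
#   pem_body client.pem | curl --data-binary @- \
#       -H 'Content-Type: application/pkcs10' '<EST-ENROLL-URL>'
```

For a real CSR the output should match what `openssl req -in client.pem -outform der | base64 -w0` prints.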


