LS.,

<calabel>, nice that works.

I did see some quirks though. (buglet?)

*Setup*
2 realms:

   -  mobility
   -  sensor


mobility is the 'first' one listed in realms.yaml

I disabled the 'default' EST url.

est/default.conf     -> realm =    (empty) -> so that accessing 'default'
EST url fails
est/mobility.conf    -> realm = mobility
est/sensor.conf      -> realm = sensor
Besides the realm =, all 3 are identical


In realm/sensor/est/sensor.yaml I place the config for the sensor EST
endpoint -> works (https://<host>/.well-known/est/sensor/simpleenroll)
In realm/mobility/est/*default*.yaml I place the config for the mobility
EST endpoint -> works (https://<host>//.well-known/est/mobility/simpleenroll)

So, end-to-end, all works.

So, what is quirky?

Somehow the file realm/mobility/est/*default*.yaml must be named
*default.yaml*??  I would have expected that that file was required to be named
mobility.yaml.  But if I try that, that doesn't work.
And the sensor.yaml, must be named sensor.yaml, using default.yaml there
fails.


Is this expected?   (My OCD symmetry alarm went off :) )


Details on error

If I rename realm/mobility/est/default.html to mobility.yaml, curling
https://<host>/.well-known/est/mobility/simpleenroll gives
I18N_OPENXPKI_UI_INVALID_PROFILE

And the logging gives:
==> openxpki.log <==
2023/06/07 17:08:14 INFO Login successful (user: Anonymous, role: System) [pid=19|sid=0O0m|pki_realm=mobility]

==> catchall.log <==
2023/06/07 17:08:14 openxpki.auth.INFO Login successful (user: Anonymous, role: System) [pid=19|sid=0O0m|pki_realm=mobility]

==> workflows.log <==
2023/06/07 17:08:14 33279 No policy params set in LoadPolicy

==> catchall.log <==
2023/06/07 17:08:14 openxpki.application.WARN No policy params set in LoadPolicy [pid=19|user=Anonymous|role=System|sid=0O0m|wftype=certificate_enroll|wfid=33279|pki_realm=mobility]
2023/06/07 17:08:14 OpenXPKI.Server.Workflow.Condition.KeyParams.ERROR configuration_error exception thrown from [OpenXPKI::Server::Workflow::Condition::KeyParams: 40; before: OpenXPKI::Server::Workflow::Condition: 53]: You must pass either the profile name or the key_rules directly [pid=19|user=Anonymous|role=System|sid=0O0m|wftype=certificate_enroll|wfid=33279|pki_realm=mobility]
2023/06/07 17:08:14 OpenXPKI.Server.Workflow.Condition.KeyParams.ERROR configuration_error exception thrown from [OpenXPKI::Server::Workflow::Condition::KeyParams: 40; before: OpenXPKI::Server::Workflow::Condition: 53]: You must pass either the profile name or the key_rules directly [pid=19|user=Anonymous|role=System|sid=0O0m|wftype=certificate_enroll|wfid=33279|pki_realm=mobility]

==> est.log <==
2023/06/07 15:08:14 INF Disconnect client [pid=70|ep=[undef]]

*version*
 docker image whiterabbitsecurity/openxpki3
(b3c4b26f72b429fb3a26d2ee1ef6580a9fb9d15f2af2f066977ce8f4a1fe8adf)

-Harm


On Wed, Jun 7, 2023 at 3:34 PM Oliver Welter <m...@oliwel.de> wrote:

> Hi Harm,
>
> welcome to the list ;)
>
> The EST protocol supports so-called "calabels" which end up being
> added into the path as
> https://<host>/.well-known/est/<calabel>/simpleenroll and the name of
> this label matches what we call an "endpoint". So you have to create a
> copy of the est/default.conf file to est/<calabel>.conf and change the
> settings as required.
>
> Oliver
>
> On 07.06.23 13:51, Harm Verhagen wrote:
> > Hi,
> >
> > (new to this list, first question)
> >
> > I have 2 realms, I want to have EST for both.
> > How can I configure 2 EST endpoint urls, to distinguish between the
> > realms?
> >
> > With the default config I have only one endpoint
> > https://<host>/.well-known/est/simpleenroll that happens to land in
> > the 'first' realm in realms.yaml
> >
> > I checked the manual [1], but could not find this feature.
> >
> > Regards,
> > Harm
> >
> > [1] https://openxpki.readthedocs.io/en/stable/subsystems/est.html#
> >
> >
> >
> > _______________________________________________
> > OpenXPKI-users mailing list
> > OpenXPKI-users@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
> --
> Protect your environment -  close windows and adopt a penguin!
>
>
>