This 'quirk' was caused by me (unintentionally) having a servername =
default in mobility.conf

Sorry for the noise.

-Harm

On Wed, Jun 7, 2023 at 5:12 PM Harm Verhagen <h...@symeon.nl> wrote:

> LS.,
>
> <calabel>, nice that works.
>
> I did see some quirks though. (buglet? )
>
> *Setup*
> 2 realms:
>
>    -  mobility
>    -  sensor
>
>
> mobility is the 'first' one listed in realms.yaml
>
> I disabled the 'default' EST url.
>
> est/default.conf     -> realm =    (empty) -> so that accessing 'default'
> EST url fails
> est/mobility.conf    -> realm = mobility
> est/sensor.conf      -> realm = sensor
> Besides the realm =, all 3 are identical
>
>
> in realm/sensor/est/sensor.yaml  I place the config for the sensor  EST
> endpoint -> works     (https://<host>/.well-known/est/sensor/simpleenroll)
> in realm/mobility/est/*default*.yaml  I place the config for the
> mobility  EST endpoint -> works
> (https://<host>//.well-known/est/mobility/simpleenroll)
>
> So, end-to-end, all works.
>
> So, what is quirky?
>
> Somehow the file realm/mobility/est/*default*.yaml must be named
> *default.yaml*??
> I would have expected that that file was required to be named
> mobility.yaml.  But if I try that, that doesn't work.
> And the sensor.yaml, must be named sensor.yaml, using default.yaml there
> fails.
>
>
> Is this expected?   (My OCD symmetry alarm went off :) )
>
>
> Details on error
>
> If I rename realm/mobility/est/default.html to mobility.yaml, curling
> https://<host>/.well-known/est/mobility/simpleenroll gives
> I18N_OPENXPKI_UI_INVALID_PROFILE
>
> And the logging gives:
> ==> openxpki.log <==
> 2023/06/07 17:08:14 INFO Login successful (user: Anonymous, role: System)
> [pid=19|sid=0O0m|pki_realm=mobility]
>
> ==> catchall.log <==
> 2023/06/07 17:08:14 openxpki.auth.INFO Login successful (user: Anonymous,
> role: System) [pid=19|sid=0O0m|pki_realm=mobility]
>
> ==> workflows.log <==
> 2023/06/07 17:08:14 33279 No policy params set in LoadPolicy
>
> ==> catchall.log <==
> 2023/06/07 17:08:14 openxpki.application.WARN No policy params set in
> LoadPolicy
> [pid=19|user=Anonymous|role=System|sid=0O0m|wftype=certificate_enroll|wfid=33279|pki_realm=mobility]
> 2023/06/07 17:08:14 OpenXPKI.Server.Workflow.Condition.KeyParams.ERROR
> configuration_error exception thrown from
> [OpenXPKI::Server::Workflow::Condition::KeyParams: 40; before:
> OpenXPKI::Server::Workflow::Condition: 53]: You must pass either the
> profile name or the key_rules directly
> [pid=19|user=Anonymous|role=System|sid=0O0m|wftype=certificate_enroll|wfid=33279|pki_realm=mobility]
> 2023/06/07 17:08:14 OpenXPKI.Server.Workflow.Condition.KeyParams.ERROR
> configuration_error exception thrown from
> [OpenXPKI::Server::Workflow::Condition::KeyParams: 40; before:
> OpenXPKI::Server::Workflow::Condition: 53]: You must pass either the
> profile name or the key_rules directly
> [pid=19|user=Anonymous|role=System|sid=0O0m|wftype=certificate_enroll|wfid=33279|pki_realm=mobility]
>
> ==> est.log <==
> 2023/06/07 15:08:14 INF Disconnect client [pid=70|ep=[undef]]
>
> *version*
>  docker image whiterabbitsecurity/openxpki3
> (b3c4b26f72b429fb3a26d2ee1ef6580a9fb9d15f2af2f066977ce8f4a1fe8adf)
>
> -Harm
>
>
> On Wed, Jun 7, 2023 at 3:34 PM Oliver Welter <m...@oliwel.de> wrote:
>
>> Hi Harm,
>>
>> welcome to the list ;)
>>
>> The EST protocol supports so called "calabels" which end up in being
>> added into the path as
>> https://<host>/.well-known/est/<calabel>/simpleenroll and the name of
>> this label matches what we call an "endpoint". So you have to create a
>> copy of the est/default.conf file to est/<calabel>.conf and change the
>> settings as required.
>>
>> Oliver
>>
>> On 07.06.23 13:51, Harm Verhagen wrote:
>> > Hi,
>> >
>> > (new to this list, first question)
>> >
>> > I have 2 realms, I want to have EST for both.
>> > How can I configure 2 EST endpoint urls, to distinguish between the
>> > realms?
>> >
>> > With the default config I have only one endpoint
>> > https://<host>/.well-known/est/simpleenroll that happens to land in
>> > the 'first' realm in realms.yaml
>> >
>> > I checked the manual [1], but could not find this feature.
>> >
>> > Regards,
>> > Harm
>> >
>> > [1] https://openxpki.readthedocs.io/en/stable/subsystems/est.html#
>> >
>> >
>> >
>> > _______________________________________________
>> > OpenXPKI-users mailing list
>> > OpenXPKI-users@lists.sourceforge.net
>> > https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>
>> --
>> Protect your environment -  close windows and adopt a penguin!
>>
>>
>
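Added example, not part of the original thread and not OpenXPKI code: a small audit of est/<calabel>.conf files that reports which URL, realm and per-realm YAML file each endpoint maps to, and flags the servername override that caused the quirk above. It assumes, as inferred from this thread only, that servername (when set) names the YAML file under realm/<realm>/est/ and that the calabel is used otherwise; the sample configs, function names and the simple "key = value" parser are constructed for illustration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample wrapper configs (path -> contents), mirroring the setup in the thread.
SAMPLE_CONFS = {
    "est/default.conf": "realm =\n",
    "est/mobility.conf": "realm = mobility\nservername = default\n",
    "est/sensor.conf": "realm = sensor\n",
}

KV = re.compile(r"^\s*([A-Za-z_]+)\s*=\s*(.*?)\s*$")

def parse_conf(text):
    """Collect 'key = value' pairs, skipping comments and [section] headers."""
    out = {}
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";", "[")):
            continue
        m = KV.match(line)
        if m:
            out[m.group(1)] = m.group(2)
    return out

def audit(confs, host="<host>"):
    """Return one row per est/<calabel>.conf: URL, realm, expected YAML path, warnings."""
    rows = []
    for path, text in sorted(confs.items()):
        label = PurePosixPath(path).stem
        cfg = parse_conf(text)
        realm = cfg.get("realm", "")
        # Assumption (from the thread): servername, if set, selects the YAML file name.
        name = cfg.get("servername") or label
        warnings = []
        if not realm:
            warnings.append("empty realm: enrollment on this endpoint is expected to fail")
        if name != label:
            warnings.append(f"servername '{name}' overrides calabel '{label}'")
        # The default endpoint has no calabel path segment.
        seg = "" if label == "default" else f"{label}/"
        rows.append({
            "calabel": label,
            "url": f"https://{host}/.well-known/est/{seg}simpleenroll",
            "realm": realm,
            "yaml": f"realm/{realm}/est/{name}.yaml" if realm else None,
            "warnings": warnings,
        })
    return rows

if __name__ == "__main__":
    for r in audit(SAMPLE_CONFS):
        print(r["url"], "->", r["yaml"], r["warnings"])
```

Running it against a real config tree means replacing SAMPLE_CONFS with the contents of the est/*.conf files read from disk.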