Hello,
we are using the docker image with OpenXPKI Version 3.24.2 and first
tried the quickstart.
But we got the problem of not getting certificates issued by the CA for
Cisco routers.
We always got a 500 response from apache and the following message in
the logs:
Unable to find signer certificate in enveloped message
After troubleshooting and diving a bit into the code, I found a
responsible file:
There is a check for the cert subject against the issuer, which should be
identical for the initial enroll.
Unfortunately subject and issuer are pulled through different methods.
One gives the result as OID, the other has the name resolution in place,
so this does not match…
```
/usr/share/perl5/OpenXPKI/Crypt/PKCS7/SCEP.pm in the function sub
__build_signer {} around line 316
Subject via
$self->message()->envelope()->{signer}->{issuer}->get_subject()
$VAR1 = 'unstructuredName=R9.lab.vorholz.net';
Issuer via $cert->get_issuer()
$VAR1 = '1.2.840.113549.1.9.2=R9.lab.vorholz.net';
```
I wrote a quick workaround using the split function to just compare the
parts after the equal sign.
Maybe there is a need to decide what to use for both methods, so the
result becomes equal.
Hope this will help someone with the same problem. I can put more
details here if interest exists.
Thanks and regards,
Rene
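
An added example, not part of the original post and not OpenXPKI's own code: one way to make the two strings shown above comparable is to map every attribute type to its dotted OID before comparing, so the attribute type is still checked and not only the value after the equal sign. The helper names `canonical_dn` and `dn_equal` and the partial OID table are assumptions of this example; it works on the string forms quoted in the post, not on OpenXPKI's certificate objects.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Attribute short names mapped to dotted OIDs (partial table, an assumption
# of this example; extend it for the attributes your devices send).
my %OID_FOR = (
    cn               => '2.5.4.3',
    c                => '2.5.4.6',
    l                => '2.5.4.7',
    st               => '2.5.4.8',
    o                => '2.5.4.10',
    ou               => '2.5.4.11',
    dc               => '0.9.2342.19200300.100.1.25',
    emailaddress     => '1.2.840.113549.1.9.1',
    unstructuredname => '1.2.840.113549.1.9.2',
);

# Rewrite a DN string so that every attribute type is a dotted OID.
# Assumes comma-separated RDNs; escaped commas (\,) stay inside the value,
# multi-valued RDNs (+) are not split.
sub canonical_dn {
    my ($dn) = @_;
    my @rdns;
    for my $rdn (split /(?<!\\),/, $dn) {
        my ($type, $value) = $rdn =~ /^\s*([^=]+?)\s*=\s*(.*?)\s*$/
            or die "malformed RDN: '$rdn'\n";
        # Already an OID: keep it. Otherwise look the name up, case-insensitively.
        my $oid = $type =~ /^\d+(?:\.\d+)+$/ ? $type : $OID_FOR{lc $type};
        die "unknown attribute type: '$type'\n" unless defined $oid;
        push @rdns, "$oid=$value";
    }
    return join ',', @rdns;
}

# True only if both attribute types and values agree after normalization.
sub dn_equal {
    my ($left, $right) = @_;
    return canonical_dn($left) eq canonical_dn($right);
}

# The first two strings are the ones quoted in the post; the third is constructed.
my $subject = 'unstructuredName=R9.lab.vorholz.net';
my $issuer  = '1.2.840.113549.1.9.2=R9.lab.vorholz.net';
my $other   = 'CN=R9.lab.vorholz.net';

printf "subject vs issuer: %s\n", dn_equal($subject, $issuer) ? 'match' : 'differ';
printf "subject vs CN:     %s\n", dn_equal($subject, $other)  ? 'match' : 'differ';
```

An unknown attribute name makes `canonical_dn` die instead of falling back to a value-only comparison, so a missing table entry shows up as an error and not as an accepted mismatch.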