Hi Oli,
this is great news!
I came along this, but didn’t realize it’s the same issue.
At this time I had no idea what caused the error.
Thanks for linking it here!
rene
On 13 Jul 2023, at 13:59, Oliver Welter wrote:
Hello Rene,
the problem with the unstructured Adress / OID already has an open
issue assigned and is already fixed in the current (still internal)
development. See https://github.com/openxpki/openxpki/pull/871
Oli
Am 13.07.23 um 13:11 schrieb René Vorholz:
Hello,
we are using the docker image with OpenXPKI Version 3.24.2 and first
tried the quickstart.
But we got the problem of not getting certificates issued by the CA
for Cisco routers.
We always got a 500 response from apache and the following message in
the logs:
Unable to find signer certificate in enveloped message
After troubleshooting and diving a bit into the code, I found a
responsible file:
There is a check for the cert subject against the issuer, which
should be
identical for the initial enroll.
Unfortunately subject and issuer are pulled through different
methods. One gives the result as OID, the other has the name
resolution in place, so this does not match…
|/usr/share/perl5/OpenXPKI/Crypt/PKCS7/SCEP.pm in the function sub
__build_signer {} around line 316 Subject via
$self->message()->envelope()->{signer}->{issuer}->get_subject() $VAR1
= 'unstructuredName=R9.lab.vorholz.net'; Issuer via
$cert->get_issuer() $VAR1 =
'1.2.840.113549.1.9.2=R9.lab.vorholz.net'; |
I wrote a quick workaround using the split function to just compare
the parts after the equal sign.
Maybe there is a need to decide what to use for both methods, so the
result becomes equal.
Hope this will help someone with the same problem. I can put more
details here if interest exists.
Thanks and regards,
Rene
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
