Hi Felix,
the timeout you see here is generated in the frontend component which
detaches from the backend when no answer is returned within 30 seconds.
You can set this timeout in the "global" section of the wrapper with
"timeout = <seconds>" but I do not recommend this as it will very likely
not work on the long run as the backend will likely also crash when the
HSM is busy.
The suggested approach is to either throttle your requests or to change
the process to create the request, detach and pickup later. This
requires some modifications to the workflows and also implies that your
client is able to resume those requests. If you need more throughput you
need to get a better HSM ;)
best regards
Oliver
On 18.07.23 09:38, Fabri, Felix wrote:
Hi all,
i setup openxpki in a debian buster vm and configured it to my needs -
automatic certificate enrollment via the est and rpc interfaces. This works
perfectly fine for sequential requests, but it does not for several
concurrently incoming requests from different clients.
The first one or two requests are handled but for subsequent requests creating
a workflow seems to time out on server side and the client connection is closed:
est.log:
ERR Timeout while reading from socket; __command__ => create_workflow_instance,
__timeout__ => 30 [pid=703|ep=[undef]
DEB Status: 500 Unexpected response from backend [pid=703|ep=[undef]]
Netherless all CSRs are signed and their corresponding certificates are present
in the database, but the clients receive HTTP response code 500 - Unexpected
response from backend.
I use a (relatively slow) HSM to sign the CSRs which takes up to 10 seconds for
a signing operation.
Is the "create_workflow_instance" timeout configurable?
Or can I configure something else to achieve correct handling of multiple
incoming requests?
Thanks in advance!
Best regards,
Felix
________________________________
Amtsgericht Limburg HRB 3178
Geschäftsführer: Dipl.-Ing. Wolfgang Feig, Eldor Walk
________________________________
Achtung: Bitte beachten Sie, dass sich unsere Geschäftsadresse geändert hat.
Wichtiger Hinweis
Diese E-Mail enthält vertrauliche und nur für den angegebenen Empfänger
bestimmte Informationen. Sofern Sie nicht der beabsichtigte Empfänger sind,
benachrichtigen Sie bitte umgehend den Absender und löschen diese E-Mail. Das
unbefugte Kopieren oder die unbefugte Weitergabe dieser E-Mail bzw. deren
Inhalts ist nicht gestattet und kann eine kriminelle Handlung sein.
Important notice
This message contains confidential information which is only intended for the
addressee. Unless you are not the intended recipient, immediately inform the
sender and delete this e-mail. It is not permitted neither to copy it nor pass
the content on to someone who is not authorized to read it. Acting against this
notice could be considered unlawful.
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
