Hi Ali,
you need to define a policy file matching the name of the used endpoint.
The endpoint is the later part of the used URL, so "scep" in your case
and so must be the name of the policy file in
config.d/realm/democa/scep. The default configuration ships a file named
"generic.yaml", so your URL should be /scep/generic to match this file.
We have changed the "fallback" behaviour in this point with the switch
to the new SCEP login two releases ago, so old examples are likely no
longer working with the stock config, I would therefore appreciate if
you report outdated documentation so we can fix it.
Oliver
On 05.02.24 10:52, Ali Danakiran wrote:
Hello,
Sorry for replying so late.
I have now looked up ErrorLog.
Scep.log:
2024/02/05 01:52:43 WAR Client error / bad request badRequest
[pid=61645|ep=scep]
2024/02/05 01:52:43 INF Disconnect client connection [pid=61645|ep=scep]
Workflows.log:
2024/02/05 01:52:42 6655 No policy parameters set in LoadPolicy
Catchcall.log:
2024/02/05 01:52:42 OpenXPKI.Server.Workflow.Condition.KeyParams.ERROR
configuration_error exception thrown from
[OpenXPKI::Server::Workflow::Condition::KeyParams: 40; previously:
OpenXPKI::Server::Workflow::Condition: 53]: You must pass either the
profile name or the key_rules directly
[pid=61773|user=Anonymous|role=System|sid=iEm6|wftype=certificate_enroll|wfid=6655|pki_realm=test]
2024/02/05 01:52:42 OpenXPKI.Server.Workflow.Condition.KeyParams.ERROR
configuration_error exception thrown from
[OpenXPKI::Server::Workflow::Condition::KeyParams: 40; previously:
OpenXPKI::Server::Workflow::Condition: 53]: You must pass either the
profile name or the key_rules directly
[pid=61773|user=Anonymous|role=System|sid=iEm6|wftype=certificate_enroll|wfid=6655|pki_realm=test]
I always get the same error messages
Oliver Welter <[email protected]> schrieb am Di. 30. Jan. 2024 um 17:03:
Hi Ali,
go to the Webui, search for the workflow and read the error
message there - if there is no workflow, check the scep.log on the
console and try running sscep with "-v" or "-d" to get some
additional output.
Oliver
On 30.01.24 15:48, Ali Danakiran wrote:
Hi
Can anyone tell me why I get the error code.
*/sscep# ./sscep enroll -uhttp://IP-ADDRESS/scep/scep
<http://IP-ADDRESS/scep/scep>\
-k tmp/scep-test.key -r tmp/scep-test.csr \
-c tmp/cacert-0 \
-l tmp/scep-test.crt \
-t 10 -n 1*
./sscep: Certificate request sent
./sscep: Valid response from the server
./sscep: Response transaction ID:
./sscep: pkistatus: FAILURE
./sscep: Reason: Transaction not allowed or supported
Martin Bartosch via OpenXPKI-users
<[email protected]> schrieb am Fr. 26. Jan.
2024 um 16:21:
Hi,
> I'm a bit further along now, I installed sscep via Github
Link but now I get the error message:
> /sscep# ./sscep getca -c tmp/cacert -u
http://domainorip/scep/scep
> ./sscep: cannot open cert file for writing
mkdir tmp
and retry.
Cheers
Martin
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
