Hello, I have just performed a new installation of OpenXPKI v.30.3 with Docker in a Debian 12 host. I tried to enroll with SSCEP v0.10.0, as the documentation from the docker repo and the quickstart guide<https://openxpki.readthedocs.io/en/latest/quickstart.html> suggested. I used the community configuration. The only difference from the basic configuration is that I increased the logging level and the real_mode as suggested in a previous Mailing List message when working with a hostname instead of path (default).
The GETCA operation works, but as soon as I wanted to ENROLL, I got problems. I received a pkistatus FAILURE in the client and the reason: "Transaction not permitted or supported". When I looked at the logs and the workflow in the WebUI, I found out that the process is failing just at the end after parsing the PKCS10 in the state PROFILE_SET with global_set_error_invalid_profile. The logs from the SCEP server are: DEB Incoming SCEP operation 'GetCACaps' on endpoint 'scep' [pid=71|server=scep|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep] DEB Config created [pid=71|server=scep|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep] DEB Calling context is plain HTTP [pid=71|server=scep|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep] DEB Initialize client [pid=71|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60|server=scep] DEB Started volatile session with id: j6S7lRUpQMSHXnCof9xcEw== [pid=71|server=scep|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60] DEB Selecting auth stack _System [pid=71|server=scep|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep] DEB Workflow "scep_getcacaps" created: id #0, state "SUCCESS" [pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep] DEB HTTP status: [200 OK] [pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep] DEB Incoming SCEP operation 'PKIOperation' on endpoint 'scep' [pid=71|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60|server=scep] DEB Got PKIOperation via POST [pid=71|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60|server=scep] DEB Config created [pid=71|server=scep|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep] DEB Initialize client [pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep] DEB Started volatile session with id: 3XblKVKDQo+9bKed/z8ysQ== [pid=71|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60|server=scep] DEB Selecting auth stack _System [pid=71|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60|server=scep] DEB Handle enrollment [pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep] DEB Calling context is plain HTTP [pid=71|server=scep|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep] DEB Adding extra parameters for message type 'PKCSReq' [pid=71|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60|server=scep] DEB Pickup via attribute: transaction_id = 6EA7B80F360928775E046C0C3A5FED60 [pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep] DEB Pick up workflow #2303 [pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep] DEB HTTP status: [400 Request was rejected: I18N_OPENXPKI_UI_INVALID_PROFILE] [pid=71|server=scep|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60] ERR Request was rejected: I18N_OPENXPKI_UI_INVALID_PROFILE [pid=71|server=scep|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60] WAR Client error / malformed request: badRequest (internal code: 40006) [pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep] DEB Disconnect client [pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep] Workflow history: INITIAL enroll_initialize INITIAL_ENROLL_INITIALIZE_0 global_map_url_params INITIAL_ENROLL_INITIALIZE_1 enroll_set_transaction_id INITIAL_ENROLL_INITIALIZE_2 enroll_set_workflow_attributes INITIAL_ENROLL_INITIALIZE_3 global_load_policy INITIAL_ENROLL_INITIALIZE_4 global_set_profile INITIAL_ENROLL_INITIALIZE_5 enroll_parse_pkcs10 PARSED global_noop PROFILE_SET global_set_error_invalid_profile Any information in previous messages was helpful for this error, the only message was this thread<https://sourceforge.net/p/openxpki/mailman/message/37854953/>, but it was related to EST and at least from me, this was not the solution. Do you have any idea what could be the problem? Happy coding and best Regards, Jairo R. Mejia Aponte | Embedded Software Linux Junior Engineer Netmodule | Hirschmann Automation & Control GmbH Location Eschborn | Frankfurter Str. 10-14 | 65760 Eschborn | Germany jairo.mejiaapo...@netmodule.com<mailto:benjamin.k...@netmodule.com> | www.netmodule.com<http://www.netmodule.com/> | www.belden.com<http://www.belden.com/>
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
