Hello,
what URL did you use for enrolling? You must use a valid endpoint
definition, so the one in the sample config is http://..../scep/generic
Oliver
On 25.06.24 11:30, Jairo Mejia Aponte wrote:
Hello,
I have just performed a new installation of OpenXPKI v.30.3 with
Docker in a Debian 12 host. I tried to enroll with SSCEP v0.10.0, as
the documentation from the docker repo and the quickstart guide
<https://openxpki.readthedocs.io/en/latest/quickstart.html> suggested.
I used the community configuration. The only difference from the basic
configuration is that I increased the logging level and the real_mode
as suggested in a previous Mailing List message when working with a
hostname instead of path (default).
The GETCA operation works, but as soon as I wanted to ENROLL, I got
problems. I received a pkistatus FAILURE in the client and the reason:
"Transaction not permitted or supported". When I looked at the logs
and the workflow in the WebUI, I found out that the process is failing
just at the end after parsing the PKCS10 in the state PROFILE_SET with
global_set_error_invalid_profile. The logs from the SCEP server are:
DEB Incoming SCEP operation 'GetCACaps' on endpoint 'scep'
[pid=71|server=scep|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep]
DEB Config created
[pid=71|server=scep|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep]
DEB Calling context is plain HTTP
[pid=71|server=scep|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep]
DEB Initialize client
[pid=71|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60|server=scep]
DEB Started volatile session with id: j6S7lRUpQMSHXnCof9xcEw==
[pid=71|server=scep|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60]
DEB Selecting auth stack _System
[pid=71|server=scep|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep]
DEB Workflow "scep_getcacaps" created: id #0, state "SUCCESS"
[pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep]
DEB HTTP status: [200 OK]
[pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep]
DEB Incoming SCEP operation 'PKIOperation' on endpoint 'scep'
[pid=71|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60|server=scep]
DEB Got PKIOperation via POST
[pid=71|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60|server=scep]
DEB Config created
[pid=71|server=scep|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep]
DEB Initialize client
[pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep]
DEB Started volatile session with id: 3XblKVKDQo+9bKed/z8ysQ==
[pid=71|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60|server=scep]
DEB Selecting auth stack _System
[pid=71|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60|server=scep]
DEB Handle enrollment
[pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep]
DEB Calling context is plain HTTP
[pid=71|server=scep|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep]
DEB Adding extra parameters for message type 'PKCSReq'
[pid=71|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60|server=scep]
DEB Pickup via attribute: transaction_id =
6EA7B80F360928775E046C0C3A5FED60
[pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep]
DEB Pick up workflow #2303
[pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep]
DEB HTTP status: [400 Request was rejected:
I18N_OPENXPKI_UI_INVALID_PROFILE]
[pid=71|server=scep|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60]
ERR Request was rejected: I18N_OPENXPKI_UI_INVALID_PROFILE
[pid=71|server=scep|endpoint=scep|tid=6EA7B80F360928775E046C0C3A5FED60]
WAR Client error / malformed request: badRequest (internal code:
40006)
[pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep]
DEB Disconnect client
[pid=71|tid=6EA7B80F360928775E046C0C3A5FED60|endpoint=scep|server=scep]
*Workflow history:*
**
INITIAL enroll_initialize
INITIAL_ENROLL_INITIALIZE_0 global_map_url_params
INITIAL_ENROLL_INITIALIZE_1 enroll_set_transaction_id
INITIAL_ENROLL_INITIALIZE_2 enroll_set_workflow_attributes
INITIAL_ENROLL_INITIALIZE_3 global_load_policy
INITIAL_ENROLL_INITIALIZE_4 global_set_profile
INITIAL_ENROLL_INITIALIZE_5 enroll_parse_pkcs10
PARSED global_noop
PROFILE_SET global_set_error_invalid_profile
Any information in previous messages was helpful for this error, the
only message was this thread
<https://sourceforge.net/p/openxpki/mailman/message/37854953/>, but it
was related to EST and at least from me, this was not the solution. Do
you have any idea what could be the problem?
Happy coding and best Regards,
*
*
*Jairo R. Mejia Aponte* | Embedded Software Linux Junior Engineer
Netmodule | Hirschmann Automation & Control GmbH
Location Eschborn | Frankfurter Str. 10-14 | 65760 Eschborn | Germany
jairo.mejiaapo...@netmodule.com <mailto:benjamin.k...@netmodule.com> |
www.netmodule.com <http://www.netmodule.com/> | www.belden.com
<http://www.belden.com/>
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
