Hello,
I'm trying to get certificates from an OpenXPKI-Instance via certmonger and scep. Finally most steps work but now I'm stuck: * certmonger gets information about the ca (getcert add-scep-ca ...) - WORKS AS EXPECTED * certmonger generates a request and sends it to CA - WORKS AS EXPECTED * CA looks up profile - WORKS AS EXPECTED * CA calculates eligibility - WORKS AS EXPECTED * CA generates workflow for the approval - WORKS AS EXPECTED * CA decides not to approve automaticaly because of missing expected approval points - WORKS AS EXPECTED * raop can see and manage the workflow - WORKS AS EXPECTED * CA generates an error code I18N_OPENXPKI_UI_ENROLLMENT_ERROR_NOT_APPROVED and the scep interface sends out a html page with error code 400 The last step seems like a bug to me. Because of the error, certmonger cannot know that certificate approval is pending. Therefore if I try a refresh in certmonger it does not poll for the state of the pending certificate but tries to submit the request again as an initial request. Did anyone manage to use certmonger and OpenXPKI/scep with a workflow on initial requests that requires manual approval? I'm using OpenXPKI 3.30.3 and certmonger 0.79.14+git20211010-2ubuntu1.1 (this version contains a patch that lets certmonger work with openssl 3 and is prt of jammy-proposed). Cheers Hajo
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
