Sorry for posting to GitHub first! I'll copy my text here:
Hello everyone. I followed the quickstart guide to set up the democa on a Debian 
12 VM since I wanted to try out the SCEP workflow. I tried with different SCEP 
clients, also with sscep as it is described in the quickstart guide.
I can send getca / getcacaps requests, but the enrollment always fails with:

./sscep: pkistatus: FAILURE
./sscep: reason: Transaction not permitted or supported

The GUI shows me that the workflow failed with error "Invalid profile".
On the server side, I see this in the catchall log:

2025/02/04 14:11:26 openxpki.auth.INFO Login successful (user: Anonymous, role: System) [pid=1532|sid=JhsR|pki_realm=democa]
2025/02/04 14:11:26 openxpki.auth.INFO Login successful (user: Anonymous, role: System) [pid=1534|sid=2jGu|pki_realm=democa]
2025/02/04 14:11:27 openxpki.auth.INFO Login successful (user: Anonymous, role: System) [pid=1536|sid=nAWV|pki_realm=democa]
2025/02/04 14:11:27 openxpki.application.WARN No policy params set in LoadPolicy [pid=1536|user=Anonymous|role=System|sid=nAWV|wftype=certificate_enroll|wfid=15871|pki_realm=democa]
2025/02/04 14:11:27 OpenXPKI.Server.Workflow.Condition.KeyParams.ERROR configuration_error exception thrown from [OpenXPKI::Server::Workflow::Condition::KeyParams: 40; before: OpenXPKI::Server::Workflow::Condition: 53]: You must pass either the profile name or the key_rules directly [pid=1536|user=Anonymous|role=System|sid=nAWV|wftype=certificate_enroll|wfid=15871|pki_realm=democa]

I don't get what I am supposed to do there. I am creating a CSR with the 
challenge password "SecretChallenge". I don't think a specific subject/common 
name is needed? The cert_profile is set to tls_server in 
/etc/openxpki/config.d/realm.tpl/scep/generic.yaml (I haven't touched these 
files so I assume they are all set up from the sampleconfig.sh).

I hope you can help me out here :)

_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
