Hi,
I am using OpenXPKI Version 3.30.9 and i am trying to make RPC work, so far i
was able to search and revoke certificates but I am having some issue
Requesting certificate using a csr. I am sharing the Command and CSR generation
below, please let me know what I am missing. The command and error are as below:
openssl genpkey -algorithm RSA -out chris.key -pkeyopt rsa_keygen_bits:2048
openssl req -new -key chris.key -out chris.csr -subj
"/CN=chris.com/O=ChrisCorp/OU=IT Department/L=San
Francisco/ST=California/C=US/emailAddress=ch...@xyz.com"
root@debian:~/temp# curl -v -H "Content-Type: application/json" --data
"{\"pkcs10\": \"$(awk 'NF {sub(/\r/, ""); printf "%s\\n",$0;}' chris.csr | sed
':a;N;$!ba;s/\n/\\n/g' | sed 's/\"/\\"/g')\", \"profile\": \"tls_server\",
\"comment\": \"Automated Request\", \"signature\": \"\"}" --key
/root/temp/pkiclient.key --cert /root/temp/pkiclient.crt --cacert
/root/temp/cacert.crt https://xxxxxxx/rpc/enroll/RequestCertificate
* Trying 192.168.10.135:443...
* Connected to xxxxxxx (192.168.10.135) port 443 (#0)
* ALPN: offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* CAfile: /root/temp/cacert.crt
* CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN: server accepted http/1.1
* Server certificate:
* subject: CN=xxxxxxx
* start date: Feb 17 07:51:20 2025 GMT
* expire date: Nov 4 07:51:20 2044 GMT
* subjectAltName: host "xxxxxxx" matched cert's "xxxxxxx"
* issuer: CN=xxxxxxx
* SSL certificate verify ok.
* using HTTP/1.1
> POST /rpc/enroll/RequestCertificate HTTP/1.1
> Host: xxxxxxx
> User-Agent: curl/7.88.1
> Accept: */*
> Content-Type: application/json
> Content-Length: 1180
>
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.3 (IN), TLS handshake, Request CERT (13):
* TLSv1.3 (OUT), TLS handshake, Certificate (11):
* TLSv1.3 (OUT), TLS handshake, CERT verify (15):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
* old SSL session ID is stale, removing
< HTTP/1.1 200 OK
< Date: Wed, 19 Feb 2025 07:54:58 GMT
< Server: Apache
< Strict-Transport-Security: max-age=31536000
< X-Frame-Options: deny
< X-XSS-Protection: 1; mode=block;
< Transfer-Encoding: chunked
< Content-Type: application/json; charset=utf8
<
* Connection #0 to host xxxxxxx left
intact{"result":{"proc_state":"finished","id":8959,"data":{"transaction_id":"89518eeaa5d3e091a6616ffc72fdc5a26f2e06d1","error_code":"Invalid
Profile"},"pid":2187,"state":"FAILURE"}}
Regards,
Chris_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
