Hi All,

We are evaluating the openxpki for the company needs.
I am running the docker compose project. I managed to test SCEP, EST and issuing CRLs using the UI.

I wish to configure OCSP to work with openxpki using the openssl (ocsp option) responder. I failed doing so; my latest attempt included the following:

1. Apache config

File : openxpki-config/contrib/apache2-openxpki-site.conf
Content added in the <VirtualHost *:80> block :

    # Enable OCSP endpoint using FastCGI
    ScriptAlias /ocsp /etc/openxpki/local/ocsp.fcgi
    <Location /ocsp>
        SetHandler fcgid-script
        Options +ExecCGI
        Require all granted
    </Location>

Added script :

File : openxpki-docker/openxpki-config/local/ocsp.fcgi
Content :

    #!/usr/bin/perl
    use strict;
    use warnings;
    use OpenXPKI::Control::Server::CGI;

    # Run the OCSP handler
    my $handler = OpenXPKI::Control::Server::CGI->new({
        action => 'handle_ocsp_request',
        realm  => 'democa',
        config => '/etc/openxpki/config.d/',
        cert   => '/etc/openxpki/local/certs/ocsp-signer.crt',
        key    => '/etc/openxpki/local/keys/ocsp-signer-1.pem',
    });
    $handler->run();

2. Configure CRL

File : openxpki-config/config.d/realm/democa/crl/default.yaml
Content :

    extensions:
        authority_info_access:
            critical: 0
            ca_issuers: http://localhost/cacert.crt
            ocsp: http://127.0.0.1:2560

3. Configure crypto

File : openxpki-docker/openxpki-config/config.d/realm/democa/crypto.yaml
Content :

    type:
        certsign: ca-signer
        datasafe: vault
        cmcra: ratoken
        scep: ratoken
        ocsp: ocsp-signer #<----
    token:
        ….
        ocsp-signer: # <-- Add this block
            inherit: default
            key_store: OPENXPKI
            key: /etc/openxpki/local/keys/ocsp-signer-1.pem
            secret: ocsp-signer
        ….
    secret:
        …
        ocsp-signer: # <--
            import: 1
            export: 1

4. Added signed certificate using OCSP responder profile using the UI using name ocsp-signer-1.pem etc

I should have tested the configuration using :

    openssl ocsp -issuer openxpki-docker/openxpki-config/local/ca/ca-bundle.crt \
        -cert openxpki-docker/openxpki-config/local/certs/ocsp-signer.crt \
        -url http://localhost:8080/ocsp \
        -CAfile openxpki-docker/openxpki-config/local/ca/ca-bundle.crt

The restart of the docker compose services gives lots of errors :

    openxpki-server-1 | Error writing log message to database: Database error: execution of SQL query failed; __dbi_error__ => Incorrect string value: '\x82\x11\x0F\x02\x01\x03...' for column `openxpki`.`application_log`.`message` at row 1, __dsn__ => dbi:mysql:database=openxpki, __query__ => INSERT INTO application_log ( application_log_id, category, logtimestamp, message, priority, workflow_id) VALUES ( ?, ?, ?, ?, ?, ? ), __source__ => DBD::mysql::st::execute, __user__ => openxpki

Can you assist me to fix this, or suggest an easier way to implement the ocsp feature?

Thanks a lot
Uzi
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
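
For reference alongside the test command in the post, this added example (not part of the original message and not OpenXPKI's own code) shows how `openssl ocsp` answers status requests from an index file and how a client verifies the signed response. The CA, signer, serial numbers and dates are all constructed; how OpenXPKI's certificate status would be exported into this index format is not covered by the post and is not shown.

```shell
#!/bin/sh
# Added example: throwaway CA and an OpenSSL index-file OCSP responder.
# Every name, serial and date below is constructed for the demonstration.
WORK=$(mktemp -d)

setup_pki() (
  cd "$WORK" || exit 1
  # Minimal config so the CA certificate carries basicConstraints CA:TRUE.
  printf '%s\n' '[req]' 'distinguished_name=dn' 'x509_extensions=v3_ca' \
    '[dn]' '[v3_ca]' 'basicConstraints=critical,CA:TRUE' > pki.cnf
  openssl req -x509 -config pki.cnf -newkey rsa:2048 -nodes -days 30 \
    -subj '/CN=Constructed Demo CA' -keyout ca.key -out ca.crt 2>/dev/null || exit 1
  # Delegated OCSP signer: issued by the CA, with the OCSPSigning EKU.
  openssl req -new -config pki.cnf -newkey rsa:2048 -nodes \
    -subj '/CN=Constructed OCSP Signer' -keyout ocsp.key -out ocsp.csr 2>/dev/null || exit 1
  echo 'extendedKeyUsage=OCSPSigning' > ocsp.ext
  openssl x509 -req -in ocsp.csr -CA ca.crt -CAkey ca.key -set_serial 1 \
    -days 30 -extfile ocsp.ext -out ocsp.crt 2>/dev/null || exit 1
  # index.txt columns (tab separated): status, expiry, revocation date,
  # serial in hex, file name, subject. V = valid, R = revoked.
  printf 'V\t350101000000Z\t\t1001\tunknown\t/CN=valid.example\n' > index.txt
  printf 'R\t350101000000Z\t250101000000Z\t1002\tunknown\t/CN=revoked.example\n' >> index.txt
)

# ocsp_status SERIAL: answer one request from index.txt, then verify the answer.
ocsp_status() (
  cd "$WORK" || exit 1
  rm -f req.der resp.der
  # Responder side: build the request and sign a response from the index.
  openssl ocsp -index index.txt -CA ca.crt -rsigner ocsp.crt -rkey ocsp.key \
    -issuer ca.crt -serial "$1" -reqout req.der -respout resp.der >/dev/null 2>&1
  [ -s resp.der ] || exit 1
  # Client side: check nonce and signature against the CA, show the status.
  openssl ocsp -reqin req.der -respin resp.der -CAfile ca.crt -resp_text 2>&1 |
    grep -E 'Cert Status:|Response [Vv]erify'
)

setup_pki || { echo 'PKI setup failed' >&2; exit 1; }
for s in 0x1001 0x1002 0x1003; do
  echo "== $s"; ocsp_status "$s" || true
done
```

Replacing the `-issuer`, `-serial`, `-reqout` and `-respout` options of the responder command with `-port 2560` makes it listen on the port named in the AIA URL of step 2.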