I have built OpenXPKI Community Edition v3.32.8 on Debian 12.11 using the demo
configuration (sampleconfig.sh). It is running and successfully working with a
firewall that supports both manual (CSR) and SCEP enrollment.
I have successfully tested EST using the openssl and curl commands listed on
your website under the 'EST Endpoint/RFC 7030 - Default Configuration' section,
although I had to add '-k --insecure' to the curl commands to get them to work
(I know that's not recommended, but my initial aim is to get the integration
working).
I'm testing EST with the same firewall client that works with SCEP. I'm getting
an 'allowuntrusted=false, cert=null' debug message on the client and the
enrollment is failing, with no certs retrieved. Is there a way I can set
allowuntrusted=true or, alternatively, how can I trust the client. I've looked
in the .../est/default.yaml file but can't see anything obvious to tweak there.
Thank you,Mark
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
