[PacketFence-users] PacketFence PKI issue

Mon, 09 Nov 2015 19:15:37 -0800 

Hi,

I'm having an issue with the assignment of certificates using the
packetfence PKI plugin. The plugin resides on the same box as Packetfence.
The distro is Debian Wheezy and the version of packetfence is 5.4. I've
configured the CA, the templates and a radius server cert. I've then added
the PKI details into packetfence but when I try to onboard a test user the
certificate assignment fails with the error that the certificate server
cannot be reach. I've trolled through the logs and this is a section of the
error its reporting:

"<div id="summary">
  <h1>Error at /pki/cert/rest/get/denver/</h1>
  <pre class="exception_value">[(&#39;asn1 encoding routines&#39;,
&#39;a2d_ASN1_OBJECT&#39;, &#39;first num too large&#39;), (&#39;X509 V3
routines&#39;, &#39;V2I_EXTENDED_KEY_USAGE&#39;, &#39;invalid object
identifier&#39;), (&#39;X509 V3 routines&#39;, &#39;X509V3_EXT_nconf&#39;,
&#39;error in extension&#39;)]</pre>
  <table class="meta">

    <tr>
      <th>Request Method:</th>
      <td>POST</td>
    </tr>
    <tr>
      <th>Request URL:</th>
      <td>https://127.0.0.1:9393/pki/cert/rest/get/denver/</td>
    </tr>

    <tr>
      <th>Django Version:</th>
      <td>1.7.1</td>
    </tr>

    <tr>
      <th>Exception Type:</th>
      <td>Error</td>
    </tr>


    <tr>
      <th>Exception Value:</th>
      <td><pre>[(&#39;asn1 encoding routines&#39;,
&#39;a2d_ASN1_OBJECT&#39;, &#39;first num too large&#39;), (&#39;X509 V3
routines&#39;, &#39;V2I_EXTENDED_KEY_USAGE&#39;, &#39;invalid object
identifier&#39;), (&#39;X509 V3 routines&#39;, &#39;X509V3_EXT_nconf&#39;,
&#39;error in extension&#39;)]</pre></td>
    </tr>


    <tr>
      <th>Exception Location:</th>
      <td>/usr/local/packetfence-pki/pki/models.py in sign, line 328</td>
    </tr>

    <tr>
      <th>Python Executable:</th>
      <td>/usr/bin/python</td>
    </tr>
    <tr>
      <th>Python Version:</th>
      <td>2.7.3</td>
    </tr>
    <tr>
      <th>Python Path:</th>
      <td><pre>[&#39;/usr/lib/python2.7&#39;,
 &#39;/usr/lib/python2.7/plat-linux2&#39;,
 &#39;/usr/lib/python2.7/lib-tk&#39;,
 &#39;/usr/lib/python2.7/lib-old&#39;,
 &#39;/usr/lib/python2.7/lib-dynload&#39;,
 &#39;/usr/local/lib/python2.7/dist-packages&#39;,
 &#39;/usr/lib/python2.7/dist-packages&#39;,
 &#39;/usr/lib/python2.7/dist-packages/PIL&#39;,
"

The cert does get generated as I can see it in the packetfence PKI gui but
it doesn't get assigned to the user. I'm not sure what the issue is as I'm
not great with this REST API/Python stuff. I would be extremely grateful
for any advice or pointers.

Cheers,

Jonathan

------------------------------------------------------------------------------

_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users

Reply via email to