Hi Jonathan,
based on the log i thing that extendedKeyUsage is not correctly defined.
Can you check that ?
Regards
Fabrice
Le 2015-11-09 20:45, Jonathan Mahady a écrit :
Hi,
I'm having an issue with the assignment of certificates using the
packetfence PKI plugin. The plugin resides on the same box as
Packetfence. The distro is Debian Wheezy and the version of
packetfence is 5.4. I've configured the CA, the templates and a radius
server cert. I've then added the PKI details into packetfence but when
I try to onboard a test user the certificate assignment fails with the
error that the certificate server cannot be reach. I've trolled
through the logs and this is a section of the error its reporting:
"<div id="summary">
<h1>Error at /pki/cert/rest/get/denver/</h1>
<pre class="exception_value">[('asn1 encoding routines',
'a2d_ASN1_OBJECT', 'first num too large'), ('X509
V3 routines', 'V2I_EXTENDED_KEY_USAGE', 'invalid
object identifier'), ('X509 V3 routines',
'X509V3_EXT_nconf', 'error in extension')]</pre>
<table class="meta">
<tr>
<th>Request Method:</th>
<td>POST</td>
</tr>
<tr>
<th>Request URL:</th>
<td>https://127.0.0.1:9393/pki/cert/rest/get/denver/</td>
</tr>
<tr>
<th>Django Version:</th>
<td>1.7.1</td>
</tr>
<tr>
<th>Exception Type:</th>
<td>Error</td>
</tr>
<tr>
<th>Exception Value:</th>
<td><pre>[('asn1 encoding routines',
'a2d_ASN1_OBJECT', 'first num too large'), ('X509
V3 routines', 'V2I_EXTENDED_KEY_USAGE', 'invalid
object identifier'), ('X509 V3 routines',
'X509V3_EXT_nconf', 'error in extension')]</pre></td>
</tr>
<tr>
<th>Exception Location:</th>
<td>/usr/local/packetfence-pki/pki/models.py in sign, line 328</td>
</tr>
<tr>
<th>Python Executable:</th>
<td>/usr/bin/python</td>
</tr>
<tr>
<th>Python Version:</th>
<td>2.7.3</td>
</tr>
<tr>
<th>Python Path:</th>
<td><pre>['/usr/lib/python2.7',
'/usr/lib/python2.7/plat-linux2',
'/usr/lib/python2.7/lib-tk',
'/usr/lib/python2.7/lib-old',
'/usr/lib/python2.7/lib-dynload',
'/usr/local/lib/python2.7/dist-packages',
'/usr/lib/python2.7/dist-packages',
'/usr/lib/python2.7/dist-packages/PIL',
"
The cert does get generated as I can see it in the packetfence PKI gui
but it doesn't get assigned to the user. I'm not sure what the issue
is as I'm not great with this REST API/Python stuff. I would be
extremely grateful for any advice or pointers.
Cheers,
Jonathan
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
------------------------------------------------------------------------------
_______________________________________________
PacketFence-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/packetfence-users
