Thanks for your response. I was looking more for a server-side configuration to enable it, like Microsoft CA has got. It seems there is no such configuration and one has to trigger approval separately. Doing it via the REST API is probably quicker, hence I saw this: https://github.com/dogtagpki/pki/wiki/PKI-CA-Approve-Certificate-Request-REST-API

I am able to make calls to get a certificate, i.e. https://192.168.56.103:8443/ca/rest/certs/0xd, successfully, but when I try to approve a pending request I get an error. If I don't set *Content-Type* I get *Unsupported media type*, and when I set it to *application/xml* I get *400 Bad Request* with the following exception:

    javax.xml.bind.JAXBException
     - with linked exception:
    [java.security.PrivilegedActionException: javax.xml.bind.UnmarshalException
     - with linked exception:
    [org.xml.sax.SAXParseException; Premature end of file.]]

Do I need to log in and pass some token to the *approve* call as hinted here: https://www.dogtagpki.org/wiki/PKI_REST_API? I am using the admin cert for client auth and testing using Postman, which comes as default and hence should be able to approve. Having said that, I can trigger approve via a CLI command while authenticated by the same admin cert:

    pki -c Secret.123 -n "PKI Administrator for localhost.localdomain" ca-cert-request-review 40 --action approve

In short, I can achieve approval by sending the P10 cert request via the Java SDK and then approving via the CLI, but I would prefer the RESTful API approach if possible. Any hint on why the RESTful API could be failing?

Regards,
WK

On Thu, Oct 29, 2020 at 3:21 AM Marc Sauton <msau...@redhat.com> wrote:

> yes, it works by having SSL client authentication for an "agent" user, or
> LDAP basic authentication (without or with a pre-defined pin), or CMC:
>
> example for SSL server cert, look at the profile caAgentServerCert.cfg
>
> example for SSL server cert using CMC, see
> https://github.com/dogtagpki/pki/wiki/Issuing-SSL-Server-Certificate-with-CMC
>
> for end user cert, examples with caDirPinUserCert.cfg, caDirUserCert.cfg
>
> from the pki command line with LDAP basic authentication, look for the
> command cert-request-submit with the --username
> either
> pki cert-request-submit --help
> or
> pki ca-cert-request-submit --help
> see
> https://www.dogtagpki.org/wiki/Directory-Authenticated_Profiles
>
>
> On Wed, Oct 28, 2020 at 2:20 AM Wahaj K <mwahaj3...@gmail.com> wrote:
>
>> Hi Guys,
>>
>> I am new to Dogtag PKI and have installed it on fedora 33. I am able to
>> send a PKCS#10 certificate, approve and then get the issued certificate. I
>> need to know a way to generate the certificate without manual approval
>> hence when PKCS#10 request is sent, the certificate is generated right
>> away. I have looked at profiles, CA configuration but couldn't see a way. I
>> am using Dogtag 10.9. Is this possible? Any guidance is appreciated.
>>
>> Regards,
>> Wahaj
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users@redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users