Hi, Thanks for the hint. Now, I make with curl the same queries than "a pki -U http://dogtag.org:8080 -C nss_pwd -n caadmin ca-cert-request-review 8 --action approve" (I'm using unsecure port to be able to capture unencrypted queries to the API):
I start with a login and a review to get a nonce: curl -s --cert-type P12 --cert ca_admin_cert.p12:<pkc12pwd> https://dogtag.org:8443/ca/rest/account/login curl -s -H "Accept: application/xml" --cert-type P12 --cert ca_admin_cert.p12:<pkc12pwd> https://dogtag.org:8443/ca/rest/agent/certrequests/08 | xmllint --format - > 08.xml The nonce is well generated: $ grep nonce 08.xml <nonce>-8605088983470492766</nonce> Then, I do a curl/POST to /ca/rest/agent/certrequests/8/approve, but the request returns the error "Nonce for cert-request 8 does not exist" curl -X POST --cert-type P12 --cert ca_admin_cert.p12:<pkc12pwd> https://dogtag.org:8443/ca/rest/agent/certrequests/8/approve --header "Content-Type:application/xml" -H "Accept: application/json" { "Attributes": { "Attribute": [] }, "ClassName": "com.netscape.certsrv.base.BadRequestException", "Code": 400, "Message": "Nonce for cert-request 8 does not exist" } Something is missing... any ideas? BR Le jeu. 4 févr. 2021 à 23:38, Marc Sauton <msau...@redhat.com> a écrit : > or use the pki command like tool with the option ca-cert-request-review : > https://github.com/dogtagpki/pki/wiki/Handling-Certificate-Request > for example: > pki -U https://ca1.example.test:8443/ca -d ~/.dogtag/subca1 -C > ~/.dogtag/subca1/pwdfile.txt -n caadmin ca-cert-request-review 1011 > --action approve > > and after successful authentication, the URI is in the form > of /ca/rest/agent/certrequests/xx/approve > where xx is the request id > it is a HTTPS POST operation > > Thanks, > M. > > > On Thu, Feb 4, 2021 at 1:43 AM Perig Bouenou <pseit...@gmail.com> wrote: > >> Hello >> >> >> I'm trying to approve certificate requests by using curl as in >> https://github.com/dogtagpki/pki/wiki/PKI-CA-Approve-Certificate-Request-REST-API >> >> I manage to submit certificate requests by posting an xml request >> template, I can retrieve the list of requests, the curl command for a >> review works fine, but I'm stuck with approval by using curl (I can approve >> CSR with pki tool but I still don't know do the same with curl). >> >> BTW, here is my command for reviewing request: >> >> curl -ks -X GET --cert-type P12 --cert ca_admin_cert.p12:<password> >> https://dogtag.server:8443/ca/rest/agent/certrequests/08 --header >> "Content-Type:application/xml" | xmllint --format - >> >> >> Can someone tell me what's the correct curl command to approve cr? or is >> there any example of request approval (with curl) somewhere? or even >> something more detailed than >> https://github.com/dogtagpki/pki/wiki/PKI-CA-Approve-Certificate-Request-REST-API >> ? >> >> PS: I had a look at the JAVA API ( >> https://github.com/dogtagpki/pki/wiki/PKI-CA-Java-API#approving-a-certificate-request) >> but it didn't help me so much. >> >> Regards, >> Pier >> _______________________________________________ >> Pki-users mailing list >> Pki-users@redhat.com >> https://www.redhat.com/mailman/listinfo/pki-users > >
_______________________________________________ Pki-users mailing list Pki-users@redhat.com https://www.redhat.com/mailman/listinfo/pki-users
