[OpenXPKI-users] versioning policy

2022-05-04 Thread Sergei Vyshenski 

Hi Oliver,

Page :

https://github.com/openxpki/openxpki/tags

has refs:

https://github.com/openxpki/openxpki/archive/refs/tags/v3.18.1.tar.gz
https://github.com/openxpki/openxpki/archive/refs/tags/3.18.2.tar.gz

Please note absence of "v" before version number in the second case.
Looks like a misprint, which is in contrast to other dists on the same 
page and to dists of openxpki-config, libscep.

This troubles package automation.

Maybe you could consider a fix?

Regards, Sergei


___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Re: [OpenXPKI-users] Request for help to configure CRL (certificate revocation list) for EST protocol in openxpki 3.x

2022-05-04 Thread Martin Bartosch via OpenXPKI-users 
Hi,

> I want to configure CRL (certificate revocation list) for EST protocol in 
> openxpki 3.x server. I did it for SCEP protocol in openxpki 2.x. Can you 
> please help me with the required steps for EST (e.g. Generating CRL 
> information, Configuring CRL accessibility etc.)
>  
> For your reference, I’m attaching the used steps for SCEP.

I am afraid I do not understand the question/problem.

Cheers

Martin



___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

[OpenXPKI-users] Request for help to configure CRL (certificate revocation list) for EST protocol in openxpki 3.x

2022-05-04 Thread Chandramauli De via OpenXPKI-users 
Hello everyone,

I want to configure CRL (certificate revocation list) for EST protocol in 
openxpki 3.x server. I did it for SCEP protocol in openxpki 2.x. Can you please 
help me with the required steps for EST (e.g. Generating CRL information, 
Configuring CRL accessibility etc.)

For your reference, I'm attaching the used steps for SCEP.



Thanks & Regards,
Chandra

Chandramauli De
QA, Fleet management
STL, ISS

[http://www.lexmark.com/common/images/email/lexmark-logo-email-signature.png]
www.lexmark.com

[cid:image002.jpg@01D85FC4.846C2BE0]

Generating CRL information

Note: If your server is reachable using the FQDN, then use the DNS of the 
server instead of its IP address.
1 Stop the OpenXPKI service using Openxpkictl stop.
2 In nano /etc/openxpki/config.d/realm/ca-one/publishing.yaml, update the 
connectors: cdp section to
the following:
class: Connector::Builtin::File::Path
LOCATION: /var/www/openxpki/CertEnroll/
file: "[% ARGS.0 %].crl"
content: "[% pem %]"
a In nano /etc/openxpki/config.d/realm/ca-one/profile/default.yaml, update the 
following:
• crl_distribution_points: section
critical: 0
uri:
- http://FQDN of the server/CertEnroll/[% ISSUER.CN.0 %].crl
- ldap://localhost/[% ISSUER.DN %]
• authority_info_access: section
critical: 0
ca_issuers: http://FQDN of the server/CertEnroll/MYOPENXPKI.crt
ocsp: http://ocsp.openxpki.org/
Change the IP address and CA certificate name according to your CA server.
b In nano /etc/openxpki/config.d/realm/ca-one/crl/default.yaml, do the 
following:
• If necessary, update nextupdate and renewal.
• Add ca_issuers to the following section:
extensions:
authority_info_access:
critical: 0
# ca_issuers and ocsp can be scalar or list
ca_issuers: http://FQDN of the server/CertEnroll/MYOPENXPKI.crt
#ocsp: http://ocsp.openxpki.org/
Change the IP address and CA certificate name according to your CA server.
Managing certificates 99
3 Start the OpenXPKI service using Openxpkictl start.


Configuring CRL accessibility
-
1 Stop the Apache service using service apache2 stop.
2 Create a CertEnroll directory for crl in the /var/www/openxpki/ directory.
3 Set openxpki as the owner of this directory, and then configure the 
permissions to let Apache read and
execute, and other services to read only.
chown openxpki /var/www/openxpki/CertEnroll
chmod 755 /var/www/openxpki/CertEnroll
4 Add a reference to the Apache alias.conf file using nano 
/etc/apache2/modsenabled/
alias.conf.
5 After the  section, add the following:
Alias /CertEnroll/ "/var/www/openxpki/CertEnroll/"

Options FollowSymlinks
AllowOverride None
Require all granted

6 Add a reference in the apache2.conf file using nano /etc/apache2/apache2.conf.
7 Add the following in the Apache2 HTTPD server section:

Options FollowSymlinks
AllowOverride None
Allow from all

8 Start the Apache service using service apache2 start.___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users