Re: [OpenXPKI-users] EST and realm

2023-08-30 Thread Thomas Gusset
Hi Nick
Thanks a lot.
I'm a bit confused why you have to configure realm-specific items in the main 
configuration area.
I can't see any connection between the .conf files in /etc/openxpki/est/ and 
the .yaml files in /etc/openxpki/est/config.d/realm/$REALM/est/.
And yes, I need different configurations for the two EST endpoints in the same 
realm.
My idea is to issue certificates without manual approval when the request comes 
from a dedicated network during fabrication. If the request comes from the rest 
of the world, an RA operator has to approve the request.

Best Regards
Thomas

From: Nick Dawson 
Sent: Tuesday, 29 August 2023 18:46
To: openxpki-users@lists.sourceforge.net
Subject: Re: [OpenXPKI-users] EST and realm

Again, I'm not the most knowledgeable but I think I'm closer to your timezone so 
my reply might help you test.
/etc/openxpki/est/default.yaml <--- I believe default.conf determines the end 
point.
So you'd need
/etc/openxpki/est/prod.conf
/etc/openxpki/est/field.conf
I don't believe you need to change  
/etc/openxpki/est/config.d/realm/$REALM/est/default.yaml unless you want to 
change the rules for how that realm processes EST requests or which profile it 
uses… (Although I may be wrong, that file name may need to match.)

here's the doc section:
https://openxpki.readthedocs.io/en/stable/subsystems/index.html#config-path-expansion



On Tue, Aug 29, 2023 at 7:58 AM, Thomas Gusset <thomas.gus...@netsec.co> wrote:
Hi
Using the realm name in the URL works as expected.
Now I would like to have two EST endpoints with different configurations in the 
same realm
https://localhost:8443/.well-known/est/$REALM/prod/simpleenroll
https://localhost:8443/.well-known/est/$REALM/field/simpleenroll
Where must the configuration files be stored and how must they be named?
I tried

  *   $REALM/est/prod.yaml
  *   $REALM/est/prod/prod.yaml
without success

thanks and Best Regards
Thomas


From: Harm Verhagen <h...@symeon.nl>
Sent: Tuesday, 15 August 2023 12:31
To: openxpki-users@lists.sourceforge.net
Subject: Re: [OpenXPKI-users] EST and realm

Using the realm name in the URL.

e.g.: https://localhost:8443/.well-known/est/$REALM/simpleenroll

On Mon, Aug 14, 2023 at 7:35 PM Martin Bartosch via OpenXPKI-users <openxpki-users@lists.sourceforge.net> wrote:
Hi,

> But I have another question: is it possible to have an EST endpoint per 
> realm?

OpenXPKI supports an arbitrary number of enrollment endpoints (EST, SCEP, RPC) 
per PKI Realm. Each of those can have different enrollment policies.

Cheers

Martin



___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users



Re: [OpenXPKI-users] EST and realm

2023-08-29 Thread Nick Dawson
Again, I'm not the most knowledgeable but I think I'm closer to
your timezone so my reply might help you test.
/etc/openxpki/est/default.yaml <--- I believe default.conf determines the
end point.
So you'd need
/etc/openxpki/est/prod.conf
/etc/openxpki/est/field.conf
I don't believe you need to change
/etc/openxpki/est/config.d/realm/$REALM/est/default.yaml unless you want to
change the rules for how that realm processes EST requests or which profile
it uses… (Although I may be wrong, that file name may need to match.)

here's the doc section:
https://openxpki.readthedocs.io/en/stable/subsystems/index.html#config-path-expansion




On Tue, Aug 29, 2023 at 7:58 AM, Thomas Gusset wrote:

> Hi
>
> Using the realm name in the URL works as expected.
>
> Now I would like to have two EST endpoints with different configurations
> in the same realm
>
> https://localhost:8443/.well-known/est/$REALM/prod/simpleenroll
>
> https://localhost:8443/.well-known/est/$REALM/field/simpleenroll
>
> Where must the configuration files be stored and how must they be named?
>
> I tried
>
> - $REALM/est/prod.yaml
> - $REALM/est/prod/prod.yaml
>
> without success
>
>
>
> thanks and Best Regards
>
> Thomas
>
>
>
>
>
> *From:* Harm Verhagen 
> *Sent:* Tuesday, 15 August 2023 12:31
> *To:* openxpki-users@lists.sourceforge.net
> *Subject:* Re: [OpenXPKI-users] EST and realm
>
> Using the realm name in the URL.
>
> e.g.: https://localhost:8443/.well-known/est/$REALM/simpleenroll
>
>
>
> On Mon, Aug 14, 2023 at 7:35 PM Martin Bartosch via OpenXPKI-users <
> openxpki-users@lists.sourceforge.net> wrote:
>
> Hi,
>
> > But I have another question: is it possible to have an EST endpoint per
> > realm?
>
> OpenXPKI supports an arbitrary number of enrollment endpoints (EST, SCEP,
> RPC) per PKI Realm. Each of those can have different enrollment policies.
>
> Cheers
>
> Martin


Re: [OpenXPKI-users] EST and realm

2023-08-29 Thread Thomas Gusset
Hi
Using the realm name in the URL works as expected.
Now I would like to have two EST endpoints with different configurations in the 
same realm
https://localhost:8443/.well-known/est/$REALM/prod/simpleenroll
https://localhost:8443/.well-known/est/$REALM/field/simpleenroll
Where must the configuration files be stored and how must they be named?
I tried

  *   $REALM/est/prod.yaml
  *   $REALM/est/prod/prod.yaml
without success

thanks and Best Regards
Thomas


From: Harm Verhagen 
Sent: Tuesday, 15 August 2023 12:31
To: openxpki-users@lists.sourceforge.net
Subject: Re: [OpenXPKI-users] EST and realm

Using the realm name in the URL.

e.g.: https://localhost:8443/.well-known/est/$REALM/simpleenroll

On Mon, Aug 14, 2023 at 7:35 PM Martin Bartosch via OpenXPKI-users <openxpki-users@lists.sourceforge.net> wrote:
Hi,

> But I have another question: is it possible to have an EST endpoint per 
> realm?

OpenXPKI supports an arbitrary number of enrollment endpoints (EST, SCEP, RPC) 
per PKI Realm. Each of those can have different enrollment policies.

Cheers

Martin





Re: [OpenXPKI-users] EST and realm

2023-08-15 Thread Harm Verhagen
Using the realm name in the URL.

e.g.: https://localhost:8443/.well-known/est/$REALM/simpleenroll

On Mon, Aug 14, 2023 at 7:35 PM Martin Bartosch via OpenXPKI-users <
openxpki-users@lists.sourceforge.net> wrote:

> Hi,
>
> > But I have another question: is it possible to have an EST endpoint per
> > realm?
>
> OpenXPKI supports an arbitrary number of enrollment endpoints (EST, SCEP,
> RPC) per PKI Realm. Each of those can have different enrollment policies.
>
> Cheers
>
> Martin


Re: [OpenXPKI-users] EST and realm

2023-08-14 Thread Martin Bartosch via OpenXPKI-users
Hi,

> But I have another question: is it possible to have an EST endpoint per 
> realm?

OpenXPKI supports an arbitrary number of enrollment endpoints (EST, SCEP, RPC) 
per PKI Realm. Each of those can have different enrollment policies.

Cheers

Martin





Re: [OpenXPKI-users] EST and realm

2023-08-14 Thread Thomas Gusset
Hi
I found the problem – I used test user Bob instead of Rob

But I have another question: is it possible to have an EST endpoint per realm?

Best Regards
Thomas

From: Thomas Gusset 
Sent: Monday, 14 August 2023 16:11
To: openxpki-users@lists.sourceforge.net
Subject: [OpenXPKI-users] EST and realm

Hi
I am trying to put EST into operation.
It worked according to the instructions when I use the sample configuration.
Now I have made a new setup without democa but with a different realm. I put it 
in /etc/openxpki/est/default.conf:
realm = ivoc-test
Access to the web GUI works and EST requests also seem to work:
202 Request Pending - Retry Later (2564e0b3655122d59a74527fea2486ec96e3044b).
However, I do not see any requests in the Web GUI.
What am I doing wrong?

Thanks in advance
Thomas

NetSec.co AG
Thomas Gusset
CEO & CTO
Im alten Riet 125, 9494 Schaan, Liechtenstein
https://netsec.co
+423 388 2777 / +423 388 2770 (direct)
thomas.gus...@netsec.co
https://threema.id/NK3MJMNP
Chat on MS Teams <https://teams.microsoft.com/l/chat/0/0?users=thomas.gus...@netsec.co>






[OpenXPKI-users] EST and realm

2023-08-14 Thread Thomas Gusset
Hi
I am trying to put EST into operation.
It worked according to the instructions when I use the sample configuration.
Now I have made a new setup without democa but with a different realm. I put it 
in /etc/openxpki/est/default.conf:
realm = ivoc-test
Access to the web GUI works and EST requests also seem to work:
202 Request Pending - Retry Later (2564e0b3655122d59a74527fea2486ec96e3044b).
However, I do not see any requests in the Web GUI.
What am I doing wrong?

Thanks in advance
Thomas

NetSec.co AG
Thomas Gusset
CEO & CTO
Im alten Riet 125, 9494 Schaan, Liechtenstein
https://netsec.co
+423 388 2777 / +423 388 2770 (direct)
thomas.gus...@netsec.co
https://threema.id/NK3MJMNP
Chat on MS Teams



