Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-10-04 Thread Andreas.Soika
Hi Oliver,

don’t worry – it perfectly suits our needs and is just for testing purposes.
The whole thing will never go productive like that.

Nevertheless – thanks for your careful hints.

Cheers

Andreas

From: Oliver Welter
Reply-To: "openxpki-users@lists.sourceforge.net"
Date: Friday, 1 October 2021 at 07:35
To: "openxpki-users@lists.sourceforge.net"
Subject: Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call
to http://localhost:8080/rpc/enroll/SearchCertificate

Hi Andreas,

it is not a good idea to turn off any authentication and approval mechanism as 
this gives ANYONE with access to the webservice the opportunity to get a 
certificate. You should really have a look at the description of the enrollment 
workflow 
https://openxpki.readthedocs.io/en/develop/reference/configuration/workflows/enroll.html
 and use at least an HMAC to authenticate the requests.

best regards

Oliver

On 27.09.21 at 23:18, andreas.so...@t-systems.com wrote:
Hi Oliver,

> you must use a new CSR - the RPC wrapper uses the PKCS10 container from the 
> input to search for existing workflows for this container
> to allow asynchronous operations without the need to deal with explicit 
> transaction ids.
> Therefore you are redirected to the old workflow (see the content of the id 
> field) which is already failed.

Ahhh!  Didn’t notice, that the server was trying to use the old workflow – 
thank you for this hint !!!
So I created a new CSR and it worked like a charm:

-
openssl req -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example100.com" \
    -nodes -newkey rsa:2048 -sha256 -outform PEM -out certreq.pem

curl -s -F method=RequestCertificate -F comment=test -F pkcs10="$(cat certreq.pem)" \
    -F "profile=tls-server" http://localhost:8080/rpc/enroll | python -m json.tool

{
    "result": {
        "data": {
            "cert_identifier": "IEhFdcfJIxHqxsu9hFC_KMIHewg",
            "certificate": "-----BEGIN CERTIFICATE-----\n . ==\n-----END CERTIFICATE-----", # deleted a lot of characters from this line at …..
            "chain": "-----BEGIN CERTIFICATE-----\n ….. =\n-----END CERTIFICATE-----", # deleted a lot of characters from this line at …..
            "transaction_id": "3ab1ea270e34fe3bb4de45343276a7c9e36a4f22"
        },
        "id": 3839,
        "pid": 94,
        "proc_state": "finished",
        "state": "SUCCESS"
    }
}
-

Finally I fiddled around in the policy-setting in enroll.yaml and managed to
switch off manual approval.  So I am now able to send CSRs and get the
corresponding signed (?) certificate stored in openxpki server, where it can
be retrieved via REST-Call.

For the moment, this seems to fulfill my requirements (at least, I hope it 
does, as I am
far away from really understanding all this PKI – sorcery)

So, thanks a lot for your help, Oliver!  You are definitely a PKI-Wizard!

Kind regards

Andreas

From: Oliver Welter <m...@oliwel.de>
Reply-To: "openxpki-users@lists.sourceforge.net"
Date: Monday, 27 September 2021 at 13:04
To: "openxpki-users@lists.sourceforge.net"
Subject: Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call
to http://localhost:8080/rpc/enroll/SearchCertificate

Hi Andreas,

you must use a new CSR - the RPC wrapper uses the PKCS10 container from the 
input to search for existing workflows for this container to allow asynchronous 
operations without the need to deal with explicit transaction ids. Therefore 
you are redirected to the old workflow (see the content of the id field) which 
is already failed.

Oliver

On 25.09.21 at 17:49, andreas.so...@t-systems.com wrote:
Hi all,

I changed the RPC-Call according to Oliver's hints, but it still doesn’t work:

-
curl -s -F method=RequestCertificate  -F comment=test -F pkcs10="$(cat 
certreq.pem)" -F "profile=tls-server"  http://localhost:8080/rpc/enroll | 
python -m json.tool
{
"result": {
"data": {
"error_code": "Invalid Profile",
"transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
},
"id": 2815,
"pid": 94,
"proc_state": "finished",
"state&

Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-30 Thread Oliver Welter
Hi Andreas,

it is not a good idea to turn off any authentication and approval
mechanism as this gives ANYONE with access to the webservice the
opportunity to get a certificate. You should really have a look at the
description of the enrollment workflow
https://openxpki.readthedocs.io/en/develop/reference/configuration/workflows/enroll.html
and use at least an HMAC to authenticate the requests.

best regards

Oliver

On 27.09.21 at 23:18, andreas.so...@t-systems.com wrote:
>
> Hi Oliver,
>
>  
>
> > you must use a new CSR - the RPC wrapper uses the PKCS10 container
> from the input to search for existing workflows for this container
>
> > to allow asynchronous operations without the need to deal with explicit
> transaction ids.
>
> > Therefore you are redirected to the old workflow (see the content of the id 
> > field)
> which is already failed.
>
>  
>
> Ahhh!  Didn’t notice, that the server was trying to use the old
> workflow – thank you for this hint !!!
>
> So I created a new CSR and it worked like a charm:
>
>  
>
> -
>
> openssl req -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT
> Department/CN=example100.com" \
>
>     -nodes -newkey rsa:2048 -sha256 -outform PEM -out
> certreq.pem
>
>  
>
> curl -s -F method=RequestCertificate  -F comment=test -F pkcs10="$(cat
> certreq.pem)" \
>
>     -F "profile=tls-server" 
> http://localhost:8080/rpc/enroll | python -m json.tool
>
>  
>
> {
>
>     "result": {
>
>     "data": {
>
>     "cert_identifier": "IEhFdcfJIxHqxsu9hFC_KMIHewg",
>
>     "certificate": "-BEGIN CERTIFICATE-\n .
> ==\n-END CERTIFICATE-", # deleted a lot of characters from
> this line at …..
>
>     "chain": "-BEGIN CERTIFICATE-\n …..   
>  =\n-END CERTIFICATE-",    # deleted a lot of characters
> from this line at …..
>
>     "transaction_id": "3ab1ea270e34fe3bb4de45343276a7c9e36a4f22"
>
>     },
>
>     "id": 3839,
>
>     "pid": 94,
>
>     "proc_state": "finished",
>
>     "state": "SUCCESS"
>
>     }
>
> }
>
> -
>
>  
>
> Finally I fiddled around in the policy-setting in enroll.yaml and
> managed to switch off manual approval.  So I am now able to send CSRs
> and get the corresponding signed (?) certificate stored in openxpki
> server, where it can be retrieved via REST-Call.
>
>  
>
> For the moment, this seems to fulfill my requirements (at least, I
> hope it does, as I am
> far away from really understanding all this PKI – sorcery)
>
>  
>
> So, thanks a lot for your help, Oliver!  You are definitely a PKI-Wizard!
>
>  
>
> Kind regards
>
>  
>
> Andreas
>
>  
>
> *From: *Oliver Welter
> *Reply-To: *"openxpki-users@lists.sourceforge.net"
> *Date: *Monday, 27 September 2021 at 13:04
> *To: *"openxpki-users@lists.sourceforge.net"
> *Subject: *Re: [OpenXPKI-users] How do I retrieve a Certificates key
> via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate
>
>  
>
> Hi Andreas,
>
>  
>
> you must use a new CSR - the RPC wrapper uses the PKCS10 container
> from the input to search for existing workflows for this container to
> allow asynchronous operations without the need to deal with explicit
> transaction ids. Therefore you are redirected to the old workflow (see
> the content of the id field) which is already failed.
>
>  
>
> Oliver
>
>  
>
> On 25.09.21 at 17:49, andreas.so...@t-systems.com wrote:
>
> Hi all,
>
>  
>
> I changed the RPC-Call according to Oliver's hints, but it still
> doesn’t work:
>
>  
>
> -
>
> curl -s -F method=RequestCertificate  -F comment=test -F
> pkcs10="$(cat certreq.pem)" -F "profile=tls-server" 
> http://localhost:8080/rpc/enroll
> <http://localhost:8080/rpc/enroll> | python -m json.tool
>
> {
>
>     "result": {
>
>     "data": {
>
>     "error_code": "Invalid Profile",
>
>     "transaction_id":
> "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
>
>             },
>
>    
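
Added example (not part of the thread and not OpenXPKI code): the HMAC approach recommended in the message above, sketched as a client that tags each CSR with a keyed digest and a receiver that rejects untagged or altered requests. HMAC-SHA256 over the DER bytes with a hex tag, the helper names and the shared secret are assumptions; the enrollment workflow description linked in the message states what OpenXPKI itself expects.

```python
import base64
import hashlib
import hmac

# Constructed stand-in for certreq.pem: arbitrary bytes in a PEM wrapper,
# not a real PKCS#10 request.
SAMPLE_CSR_PEM = (
    "-----BEGIN CERTIFICATE REQUEST-----\n"
    + base64.encodebytes(b"constructed sample CSR body " * 4).decode("ascii")
    + "-----END CERTIFICATE REQUEST-----\n"
)
SHARED_SECRET = b"constructed-demo-secret"  # hypothetical; provisioned out of band


def pem_to_der(pem: str) -> bytes:
    """Strip the PEM armour and return the binary (DER) body."""
    lines = [line.strip() for line in pem.strip().splitlines() if line.strip()]
    if (len(lines) < 3
            or not lines[0].startswith("-----BEGIN ")
            or not lines[-1].startswith("-----END ")):
        raise ValueError("not a PEM block")
    return base64.b64decode("".join(lines[1:-1]), validate=True)


def request_tag(secret: bytes, csr_pem: str) -> str:
    """Client side: keyed digest over the DER bytes, so re-wrapping or CRLF
    conversion of the PEM text in transit does not change the tag."""
    return hmac.new(secret, pem_to_der(csr_pem), hashlib.sha256).hexdigest()


def verify_request(secret: bytes, csr_pem: str, tag) -> bool:
    """Receiver side: accept only a CSR whose tag matches the shared secret."""
    if not isinstance(tag, str) or not tag:
        return False  # no tag means an unauthenticated request
    try:
        expected = request_tag(secret, csr_pem)
    except ValueError:
        return False  # malformed PEM is rejected, not guessed at
    # compare_digest does not leak the position of the first mismatch
    return hmac.compare_digest(expected.encode(), tag.strip().lower().encode())


def tampered_copy(csr_pem: str) -> str:
    """Constructed negative case: same armour, one bit of the body flipped."""
    der = bytearray(pem_to_der(csr_pem))
    der[0] ^= 0x01
    return ("-----BEGIN CERTIFICATE REQUEST-----\n"
            + base64.encodebytes(bytes(der)).decode("ascii")
            + "-----END CERTIFICATE REQUEST-----\n")


if __name__ == "__main__":
    tag = request_tag(SHARED_SECRET, SAMPLE_CSR_PEM)
    print("tag:", tag)
    print("valid request accepted:",
          verify_request(SHARED_SECRET, SAMPLE_CSR_PEM, tag))
    print("altered CSR accepted:",
          verify_request(SHARED_SECRET, tampered_copy(SAMPLE_CSR_PEM), tag))
    print("untagged request accepted:",
          verify_request(SHARED_SECRET, SAMPLE_CSR_PEM, None))
```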

Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-27 Thread Andreas.Soika
Hi Oliver,

> you must use a new CSR - the RPC wrapper uses the PKCS10 container from the 
> input to search for existing workflows for this container
> to allow asynchronous operations without the need to deal with explicit 
> transaction ids.
> Therefore you are redirected to the old workflow (see the content of the id 
> field) which is already failed.

Ahhh!  Didn’t notice, that the server was trying to use the old workflow – 
thank you for this hint !!!
So I created a new CSR and it worked like a charm:

-
openssl req -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example100.com" \
    -nodes -newkey rsa:2048 -sha256 -outform PEM -out certreq.pem

curl -s -F method=RequestCertificate -F comment=test -F pkcs10="$(cat certreq.pem)" \
    -F "profile=tls-server" http://localhost:8080/rpc/enroll | python -m json.tool

{
    "result": {
        "data": {
            "cert_identifier": "IEhFdcfJIxHqxsu9hFC_KMIHewg",
            "certificate": "-----BEGIN CERTIFICATE-----\n . ==\n-----END CERTIFICATE-----", # deleted a lot of characters from this line at …..
            "chain": "-----BEGIN CERTIFICATE-----\n ….. =\n-----END CERTIFICATE-----", # deleted a lot of characters from this line at …..
            "transaction_id": "3ab1ea270e34fe3bb4de45343276a7c9e36a4f22"
        },
        "id": 3839,
        "pid": 94,
        "proc_state": "finished",
        "state": "SUCCESS"
    }
}
-

Finally I fiddled around in the policy-setting in enroll.yaml and managed to
switch off manual approval.  So I am now able to send CSRs and get the
corresponding signed (?) certificate stored in openxpki server, where it can
be retrieved via REST-Call.

For the moment, this seems to fulfill my requirements (at least, I hope it 
does, as I am
far away from really understanding all this PKI – sorcery)

So, thanks a lot for your help, Oliver!  You are definitely a PKI-Wizard!

Kind regards

Andreas

From: Oliver Welter
Reply-To: "openxpki-users@lists.sourceforge.net"
Date: Monday, 27 September 2021 at 13:04
To: "openxpki-users@lists.sourceforge.net"
Subject: Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call
to http://localhost:8080/rpc/enroll/SearchCertificate

Hi Andreas,

you must use a new CSR - the RPC wrapper uses the PKCS10 container from the 
input to search for existing workflows for this container to allow asynchronous 
operations without the need to deal with explicit transaction ids. Therefore 
you are redirected to the old workflow (see the content of the id field) which 
is already failed.

Oliver

On 25.09.21 at 17:49, andreas.so...@t-systems.com wrote:
Hi all,

I changed the RPC-Call according to Oliver's hints, but it still doesn’t work:

-
curl -s -F method=RequestCertificate  -F comment=test -F pkcs10="$(cat 
certreq.pem)" -F "profile=tls-server"  http://localhost:8080/rpc/enroll | 
python -m json.tool
{
"result": {
"data": {
"error_code": "Invalid Profile",
"transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
},
"id": 2815,
"pid": 94,
"proc_state": "finished",
"state": "FAILURE"
}
}
-

Any further ideas/hints?

Kind regards

Andreas

From: Oliver Welter <m...@oliwel.de>
Reply-To: "openxpki-users@lists.sourceforge.net"
Date: Friday, 24 September 2021 at 18:56
To: "openxpki-users@lists.sourceforge.net"
Subject: Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call
to http://localhost:8080/rpc/enroll/SearchCertificate

Hi Andreas,

looks like there is a bug in the docs, the value set for "profile" is mapped to 
the internal profile names in the file "rpc/enroll.yaml" in the key 
"profile_map" and there the profile is written with a dash.

Regarding REST: Have a look at the EST protocol, this will give you a very 
clean interface that requests a plain PKCS10 container as payload and returns a 
"raw" PKCS7 structure with the certificate without any encoding around.

Oliver

On 24.09.21 at 16:26, andreas.so...@t-systems.com wrote:
Hi all,


Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-27 Thread Oliver Welter
Hi Andreas,

you must use a new CSR - the RPC wrapper uses the PKCS10 container from
the input to search for existing workflows for this container to allow
asynchronous operations without the need to deal with explicit
transaction ids. Therefore you are redirected to the old workflow (see
the content of the id field) which is already failed.

Oliver

On 25.09.21 at 17:49, andreas.so...@t-systems.com wrote:
>
> Hi all,
>
>  
>
> I changed the RPC-Call according to Oliver's hints, but it still
> doesn’t work:
>
>  
>
> -
>
> curl -s -F method=RequestCertificate  -F comment=test -F pkcs10="$(cat
> certreq.pem)" -F "profile=tls-server" 
> http://localhost:8080/rpc/enroll | python -m json.tool
>
> {
>
>     "result": {
>
>     "data": {
>
>     "error_code": "Invalid Profile",
>
>     "transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
>
>     },
>
>     "id": 2815,
>
>     "pid": 94,
>
>     "proc_state": "finished",
>
>     "state": "FAILURE"
>
>     }
>
> }
>
> -
>
>  
>
> Any further ideas/hints?
>
>  
>
> Kind regards
>
>  
>
> Andreas
>
>  
>
> *From: *Oliver Welter
> *Reply-To: *"openxpki-users@lists.sourceforge.net"
> *Date: *Friday, 24 September 2021 at 18:56
> *To: *"openxpki-users@lists.sourceforge.net"
> *Subject: *Re: [OpenXPKI-users] How do I retrieve a Certificates key
> via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate
>
>  
>
> Hi Andreas,
>
>  
>
> looks like there is a bug in the docs, the value set for "profile" is
> mapped to the internal profile names in the file "rpc/enroll.yaml" in
> the key "profile_map" and there the profile is written with a dash.
>
>  
>
> Regarding REST: Have a look at the EST protocol, this will give you a
> very clean interface that requests a plain PKCS10 container as payload
> and returns a "raw" PKCS7 structure with the certificate without any
> encoding around.
>
>  
>
> Oliver
>
>  
>
> On 24.09.21 at 16:26, andreas.so...@t-systems.com wrote:
>
> Hi all,
>
>  
>
> @Oliver: thanks for this hint, but writing such a “RPC <-> REST”
> converter is kind of “overkill” for my purposes.
>
> Meanwhile I found out, that sending REST-Requests with the right
> header works fine for me:
>
>  
>
> curl -s  -X POST 
> http://localhost:8080/rpc/enroll/SearchCertificate
> <http://localhost:8080/rpc/enroll/SearchCertificate>  -H
> 'Content-Type: application/json' -d '{"common_name":"Rob
> Roberts"}' | python -m json.tool
>
>  
>
> One problem solved, another problem arises:
> I try to “automatically” process a CSR, which I want to send via
> RPC/REST to the openXPKI Server.
>
>  
>
> Tried this (and several other things), but failed:
>
>  
>
> --
>
> # Generate a PKCS#10 CSR file “certreq.pem”
>
> openssl req -subj "/C=GB/ST=London/L=London/O=Global
> Security/OU=IT Department/CN=example.com" -nodes -newkey rsa:2048
> -sha256 -outform PEM -out certreq.pem
>
>  
>
> # Try to upload the CSR file – without success
>
> curl -s -F "method=RequestCertificate" -F "profile=tls_server"  -F
> "comment=test" -F pkcs10="$(cat certreq.pem)" 
> http://localhost:8080/rpc/enroll
> <http://localhost:8080/rpc/enroll> | python -m json.tool
>
> {
>
>     "result": {
>
>     "data": {
>
>     "error_code": "Invalid Profile",
>
>     "transaction_id":
> "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
>
>     },
>
>     "id": 2815,
>
>     "pid": 94,
>
>     "proc_state": "finished",
>
>     "state": "FAILURE"
>
>     }
>
> }
>
>      
>
>     --
>
>      
>
> Any idea, what to do?
>
>  
>
> Kind regards
>
>  
>
> Andreas
>
>  
>
> PS: To be honest: I am struggling hard with openXPKI
> server’s do
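
Added example (not from the thread or from OpenXPKI): a client-side check for the behaviour described in the message above, where resubmitting the same PKCS10 container returns the earlier, already failed workflow instead of starting a new one. The sample responses are constructed from the JSON quoted in the thread; the class name, verdict strings and next-step texts are hypothetical.

```python
import json

# Constructed responses, modelled on the JSON output quoted in the thread.
FAILED = json.dumps({"result": {
    "data": {"error_code": "Invalid Profile",
             "transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"},
    "id": 2815, "pid": 94, "proc_state": "finished", "state": "FAILURE"}})
ISSUED = json.dumps({"result": {
    "data": {"cert_identifier": "IEhFdcfJIxHqxsu9hFC_KMIHewg",
             "certificate": "(elided)", "chain": "(elided)",
             "transaction_id": "3ab1ea270e34fe3bb4de45343276a7c9e36a4f22"},
    "id": 3839, "pid": 94, "proc_state": "finished", "state": "SUCCESS"}})

# Hypothetical follow-up actions for an automated enrollment client.
NEXT_STEP = {
    "issued": "store cert_identifier and the certificate",
    "failed": "fix the request parameter named in error_code",
    "stale-workflow": "generate a new key and CSR, then resubmit",
    "pending": "poll again later with the same CSR",
    "malformed": "treat as an error; do not retry blindly",
}


class EnrollTracker:
    """Remembers terminal failures so that a replayed workflow is recognised."""

    def __init__(self):
        # (workflow id, transaction_id) pairs already seen in a failed state
        self._failed = set()

    def classify(self, raw: str) -> str:
        try:
            result = json.loads(raw)["result"]
            data = result.get("data") or {}
            key = (str(result.get("id")), str(data.get("transaction_id")))
            finished = result.get("proc_state") == "finished"
            state = result.get("state")
            has_cert = bool(data.get("cert_identifier"))
        except (ValueError, KeyError, TypeError, AttributeError):
            return "malformed"

        if finished and state == "SUCCESS" and has_cert:
            return "issued"
        if finished and state == "FAILURE":
            # Same workflow id and transaction id as an earlier failure: the
            # server looked the request up by its CSR and returned the old
            # workflow, so changing other parameters cannot help.
            if key in self._failed:
                return "stale-workflow"
            self._failed.add(key)
            return "failed"
        return "pending"


if __name__ == "__main__":
    tracker = EnrollTracker()
    # First try (wrong profile), second try (profile fixed, same CSR),
    # third try (new CSR), as in the thread.
    for attempt, raw in enumerate((FAILED, FAILED, ISSUED), start=1):
        verdict = tracker.classify(raw)
        print(f"attempt {attempt}: {verdict} -> {NEXT_STEP[verdict]}")
```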

Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-25 Thread Andreas.Soika
Hi all,

I changed the RPC-Call according to Oliver's hints, but it still doesn’t work:

-
curl -s -F method=RequestCertificate -F comment=test -F pkcs10="$(cat certreq.pem)" \
    -F "profile=tls-server" http://localhost:8080/rpc/enroll | python -m json.tool
{
    "result": {
        "data": {
            "error_code": "Invalid Profile",
            "transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
        },
        "id": 2815,
        "pid": 94,
        "proc_state": "finished",
        "state": "FAILURE"
    }
}
-

Any further ideas/hints?

Kind regards

Andreas

From: Oliver Welter
Reply-To: "openxpki-users@lists.sourceforge.net"
Date: Friday, 24 September 2021 at 18:56
To: "openxpki-users@lists.sourceforge.net"
Subject: Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call
to http://localhost:8080/rpc/enroll/SearchCertificate

Hi Andreas,

looks like there is a bug in the docs, the value set for "profile" is mapped to 
the internal profile names in the file "rpc/enroll.yaml" in the key 
"profile_map" and there the profile is written with a dash.

Regarding REST: Have a look at the EST protocol, this will give you a very 
clean interface that requests a plain PKCS10 container as payload and returns a 
"raw" PKCS7 structure with the certificate without any encoding around.

Oliver

On 24.09.21 at 16:26, andreas.so...@t-systems.com wrote:
Hi all,

@Oliver: thanks for this hint, but writing such a “RPC <-> REST” converter is 
kind of “overkill” for my purposes.
Meanwhile I found out, that sending REST-Requests with the right header works 
fine for me:

curl -s  -X POST  http://localhost:8080/rpc/enroll/SearchCertificate  -H 
'Content-Type: application/json' -d '{"common_name":"Rob Roberts"}' | python -m 
json.tool

One problem solved, another problem arises:
I try to “automatically” process a CSR, which I want to send via RPC/REST to 
the openXPKI Server.

Tried this (and several other things), but failed:

--
# Generate a PKCS#10 CSR file “certreq.pem”
openssl req -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT 
Department/CN=example.com" -nodes -newkey rsa:2048 -sha256 -outform PEM -out 
certreq.pem

# Try to upload the CSR file – without success
curl -s -F "method=RequestCertificate" -F "profile=tls_server"  -F 
"comment=test" -F pkcs10="$(cat certreq.pem)"  http://localhost:8080/rpc/enroll 
| python -m json.tool
{
"result": {
"data": {
"error_code": "Invalid Profile",
"transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
},
"id": 2815,
"pid": 94,
"proc_state": "finished",
"state": "FAILURE"
}
}

--

Any idea, what to do?

Kind regards

Andreas

PS: To be honest: I am struggling hard with openXPKI server’s
documentation – the software itself seems to be quite promising, but 
documentation is hard to understand and quite limited (at least from my point 
of view).



From: Oliver Welter <m...@oliwel.de>
Reply-To: "openxpki-users@lists.sourceforge.net"
Date: Friday, 24 September 2021 at 15:17
To: "openxpki-users@lists.sourceforge.net"
Subject: Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call
to http://localhost:8080/rpc/enroll/SearchCertificate

Hi Andreas,

to have "real" REST API you need to write a wrapper yourself that translates a 
REST path to a call to the RPC system and rewrites the result to the expected 
return structure. There is no ready-to-go component in OpenXPKI CE for this as 
such an interface is always very customer specific.

Oliver

On 23.09.21 at 18:23, andreas.so...@t-systems.com wrote:
Hi Oliver,

thanks a lot!
Your reference to

"_map_certificate: [% Certificate.pem(...) %]“

… was close and guided me to the right direction, but – big surprise – it 
didn’t work.
Finally I found out that the following line works:

“_map_pem: "[% USE Certificate %][% Certificate.pem(context.cert_identifier) %]"

Of course, I had to adjust the file enroll.yaml appropriately too:

[SearchCertificate]
workflow = certificate_search
param = common_name
output = cert_identifier, pem, notbefore,

Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-24 Thread Oliver Welter
Hi Andreas,

looks like there is a bug in the docs, the value set for "profile" is
mapped to the internal profile names in the file "rpc/enroll.yaml" in
the key "profile_map" and there the profile is written with a dash.

Regarding REST: Have a look at the EST protocol, this will give you a
very clean interface that requests a plain PKCS10 container as payload
and returns a "raw" PKCS7 structure with the certificate without any
encoding around.

Oliver

On 24.09.21 at 16:26, andreas.so...@t-systems.com wrote:
>
> Hi all,
>
>  
>
> @Oliver: thanks for this hint, but writing such a “RPC <-> REST”
> converter is kind of “overkill” for my purposes.
>
> Meanwhile I found out, that sending REST-Requests with the right
> header works fine for me:
>
>  
>
> curl -s  -X POST  http://localhost:8080/rpc/enroll/SearchCertificate
> <http://localhost:8080/rpc/enroll/SearchCertificate>  -H
> 'Content-Type: application/json' -d '{"common_name":"Rob Roberts"}' |
> python -m json.tool
>
>  
>
> One problem solved, another problem arises:
> I try to “automatically” process a CSR, which I want to send via
> RPC/REST to the openXPKI Server.
>
>  
>
> Tried this (and several other things), but failed:
>
>  
>
> --
>
> # Generate a PKCS#10 CSR file “certreq.pem”
>
> openssl req -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT
> Department/CN=example.com" -nodes -newkey rsa:2048 -sha256 -outform
> PEM -out certreq.pem
>
>  
>
> # Try to upload the CSR file – without success
>
> curl -s -F "method=RequestCertificate" -F "profile=tls_server"  -F
> "comment=test" -F pkcs10="$(cat certreq.pem)" 
> http://localhost:8080/rpc/enroll | python -m json.tool
>
> {
>
>     "result": {
>
>     "data": {
>
>     "error_code": "Invalid Profile",
>
>     "transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
>
>     },
>
>     "id": 2815,
>
>     "pid": 94,
>
>     "proc_state": "finished",
>
>     "state": "FAILURE"
>
>     }
>
> }
>
>  
>
> --
>
>  
>
> Any idea, what to do?
>
>  
>
> Kind regards
>
>  
>
> Andreas
>
>  
>
> PS: To be honest: I am struggling hard with openXPKI server’s
> documentation – the software itself seems to be quite promising, but
> documentation is hard to understand and quite limited (at least from
> my point of view).
>
>    
>
>  
>
>  
>
> *From: *Oliver Welter
> *Reply-To: *"openxpki-users@lists.sourceforge.net"
> *Date: *Friday, 24 September 2021 at 15:17
> *To: *"openxpki-users@lists.sourceforge.net"
> *Subject: *Re: [OpenXPKI-users] How do I retrieve a Certificates key
> via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate
>
>  
>
> Hi Andreas,
>
>  
>
> to have "real" REST API you need to write a wrapper yourself that
> translates a REST path to a call to the RPC system and rewrites the
> result to the expected return structure. There is no ready-to-go
> component in OpenXPKI CE for this as such an interface is always very
> customer specific.
>
>  
>
> Oliver
>
>  
>
> On 23.09.21 at 18:23, andreas.so...@t-systems.com wrote:
>
> Hi Oliver,
>
>  
>
> thanks a lot!
>
> Your reference to
>
>  
>
> "_map_certificate: [% Certificate.pem(...) %]“
>
>  
>
> … was close and guided me to the right direction, but – big
> surprise – it didn’t work.
> Finally I found out that the following line works:
>
>  
>
> “_map_pem: "[% USE Certificate %][%
> Certificate.pem(context.cert_identifier) %]"
>
>  
>
> Of course, I had to adjust the file enroll.yaml appropriately too:
>
>  
>
> [SearchCertificate]
>
> workflow = certificate_search
>
> param = common_name
>
> output = cert_identifier, pem, notbefore, notafter, status
>
>  
>
> The result was pretty much what I had been searching for:
>
>  
>
> curl -s -F "method=SearchCertificate"  -F "common_name=Rob
> Roberts" http://localhost:8080/rpc/enroll
> <http://localhost:8080/rpc/enroll> | python -m 

Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-24 Thread Martin Bartosch via OpenXPKI-users
Hi,

> Meanwhile I found out, that sending REST-Requests with the right header works 
> fine for me:
>  
> curl -s  -X POST  http://localhost:8080/rpc/enroll/SearchCertificate  -H 
> 'Content-Type: application/json' -d '{"common_name":"Rob Roberts"}' | python 
> -m json.tool

I don't really know your use case but I assume you would be much better served 
with properly adapting the Enrollment Workflow to your needs.

> PS: To be honest: I am struggling hard with openXPKI server’s 
> documentation – the software itself seems to be quite promising, but 
> documentation is hard to understand and quite limited (at least from my point 
> of view).

The publicly available documentation of the OpenXPKI Community Edition provides 
an overview and a quickstart guide on the software, covering a simple use case 
of OpenXPKI to get things up and running. 

From my observation most OpenXPKI CE users seem to be able to get their system 
up and running with this documentation, and with help on this mailing list it 
looks like we were also able to support users with some more advanced questions.

OpenXPKI is a very powerful and complex PKI software product - after all it is 
enterprise grade software. So due to the amount of features and functionality 
the CE documentation naturally only covers a tiny fraction of the available 
feature set.
However, we will gladly accept user contributions to improve the quality of the 
OpenXPKI CE documentation. 

Beyond the quickstart guide there is also a significant amount of class 
documentation within the OpenSource code base itself, as most internals are 
properly documented within the class structure of OpenXPKI. A developer or 
designer with more specific goals will have to learn how OpenXPKI works and dig 
into the details. 

Becoming familiar with the features of OpenXPKI takes time, we have found that 
even with extensive mentoring from our OpenXPKI core team a new developer or 
integrator will take a few months to become productive with the system.

That said, I would like to mention that the Enterprise Edition of OpenXPKI is 
available as a commercial product from our company White Rabbit Security GmbH, 
which comes with extensive (400+ pages) configuration, integration, 
operation and development documentation covering all aspects of the system.

Cheers,

Martin



___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users


Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-24 Thread Andreas.Soika
Hi all,

@Oliver: thanks for this hint, but writing such a “RPC <-> REST” converter is 
kind of “overkill” for my purposes.
Meanwhile I found out, that sending REST-Requests with the right header works 
fine for me:

curl -s -X POST http://localhost:8080/rpc/enroll/SearchCertificate \
    -H 'Content-Type: application/json' -d '{"common_name":"Rob Roberts"}' | python -m json.tool

One problem solved, another problem arises:
I try to “automatically” process a CSR, which I want to send via RPC/REST to 
the openXPKI Server.

Tried this (and several other things), but failed:

--
# Generate a PKCS#10 CSR file “certreq.pem”
openssl req -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com" \
    -nodes -newkey rsa:2048 -sha256 -outform PEM -out certreq.pem

# Try to upload the CSR file – without success
curl -s -F "method=RequestCertificate" -F "profile=tls_server" -F "comment=test" \
    -F pkcs10="$(cat certreq.pem)" http://localhost:8080/rpc/enroll | python -m json.tool
{
    "result": {
        "data": {
            "error_code": "Invalid Profile",
            "transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
        },
        "id": 2815,
        "pid": 94,
        "proc_state": "finished",
        "state": "FAILURE"
    }
}

--

Any idea, what to do?

Kind regards

Andreas

PS: To be honest: I am struggling hard with openXPKI server’s
documentation – the software itself seems to be quite promising, but 
documentation is hard to understand and quite limited (at least from my point 
of view).



From: Oliver Welter
Reply-To: "openxpki-users@lists.sourceforge.net"
Date: Friday, 24 September 2021 at 15:17
To: "openxpki-users@lists.sourceforge.net"
Subject: Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call
to http://localhost:8080/rpc/enroll/SearchCertificate

Hi Andreas,

to have "real" REST API you need to write a wrapper yourself that translates a 
REST path to a call to the RPC system and rewrites the result to the expected 
return structure. There is no ready-to-go component in OpenXPKI CE for this as 
such an interface is always very customer specific.

Oliver

On 23.09.21 at 18:23, andreas.so...@t-systems.com wrote:
Hi Oliver,

thanks a lot!
Your reference to

"_map_certificate: [% Certificate.pem(...) %]“

… was close and guided me to the right direction, but – big surprise – it 
didn’t work.
Finally I found out that the following line works:

“_map_pem: "[% USE Certificate %][% Certificate.pem(context.cert_identifier) %]"

Of course, I had to adjust the file enroll.yaml appropriately too:

[SearchCertificate]
workflow = certificate_search
param = common_name
output = cert_identifier, pem, notbefore, notafter, status

The result was pretty much what I had been searching for:

curl -s -F "method=SearchCertificate" -F "common_name=Rob Roberts" http://localhost:8080/rpc/enroll | python -m json.tool
{
    "result": {
        "data": {
            "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg",
            "notafter": "2022-03-16T16:54:56",
            "notbefore": "2021-09-16T16:54:56",
            "pem": "-----BEGIN CERTIFICATE-----\nm …….. v9MRebfA=\n-----END CERTIFICATE-----",
            "status": "ISSUED"
        },
        "id": 0,
        "pid": 70,
        "proc_state": "finished",
        "state": "SUCCESS"
    }
}

So far, so good (and once again: thank you for your help!)

What remains open, is my question, how to switch from RPC to REST.
Could you give me a hint, how to achieve that?

Kind regards

Andreas









--

Protect your environment -  close windows and adopt a penguin!


Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-24 Thread Oliver Welter
Hi Andreas,

to have "real" REST API you need to write a wrapper yourself that
translates a REST path to a call to the RPC system and rewrites the
result to the expected return structure. There is no ready-to-go
component in OpenXPKI CE for this as such an interface is always very
customer specific.

Oliver

On 23.09.21 at 18:23, andreas.so...@t-systems.com wrote:
>
> Hi Oliver,
>
> thanks a lot!
>
> Your reference to
>
> "_map_certificate: [% Certificate.pem(...) %]"
>
> … was close and guided me in the right direction, but – big surprise –
> it didn’t work.
> Finally I found out that the following line works:
>
> _map_pem: "[% USE Certificate %][% Certificate.pem(context.cert_identifier) %]"
>
> Of course, I had to adjust the file enroll.yaml appropriately too:
>
> [SearchCertificate]
> workflow = certificate_search
> param = common_name
> output = cert_identifier, pem, notbefore, notafter, status
>
> The result was pretty much what I had been searching for:
>
> curl -s -F "method=SearchCertificate" -F "common_name=Rob Roberts" \
>   http://localhost:8080/rpc/enroll | python -m json.tool
> {
>     "result": {
>         "data": {
>             "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg",
>             "notafter": "2022-03-16T16:54:56",
>             "notbefore": "2021-09-16T16:54:56",
>             "pem": "-BEGIN CERTIFICATE-\nm …….. v9MRebfA=\n-END CERTIFICATE-",
>             "status": "ISSUED"
>         },
>         "id": 0,
>         "pid": 70,
>         "proc_state": "finished",
>         "state": "SUCCESS"
>     }
> }
>
> So far, so good (and once again: thank you for your help!)
>
> What remains open, is my question, how to switch from RPC to REST.
> Could you give me a hint, how to achieve that?
>
> Kind regards
>
> Andreas


-- 
Protect your environment -  close windows and adopt a penguin! 
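
The translation described in the reply above (REST path in, RPC call out, RPC result rewritten), as an added example that is not part of the original post and not OpenXPKI code. The REST route `/certificates`, the REST response field names and the mapping of non-SUCCESS outcomes to 404 are assumptions; the RPC method, parameter and reply fields are the ones shown in the thread.

```python
from urllib.parse import urlsplit, parse_qs

# Hypothetical REST routes -> (RPC method, the one parameter passed through).
# Only SearchCertificate and common_name come from the thread.
ROUTES = {("GET", "/certificates"): ("SearchCertificate", "common_name")}

# Constructed sample, shaped like the SearchCertificate reply quoted above.
SAMPLE_REPLY = {"result": {"data": {
    "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg",
    "notafter": "2022-03-16T16:54:56", "notbefore": "2021-09-16T16:54:56",
    "pem": "PEM-PLACEHOLDER", "status": "ISSUED"},
    "id": 0, "pid": 70, "proc_state": "finished", "state": "SUCCESS"}}


def rest_to_rpc(verb, url):
    """Translate a REST request into the form fields sent to /rpc/enroll."""
    parts = urlsplit(url)
    route = ROUTES.get((verb.upper(), parts.path.rstrip("/")))
    if route is None:
        return None  # unknown route: answer 404 and forward nothing
    method, param = route
    values = parse_qs(parts.query).get(param, [])
    if len(values) != 1 or not values[0].strip():
        raise ValueError(f"exactly one non-empty {param!r} is required")
    # Forward only the allow-listed parameter, so a client cannot override
    # "method" or add other workflow inputs through the query string.
    return {"method": method, param: values[0]}


def rpc_to_rest(reply):
    """Rewrite an RPC reply into (HTTP status, body) for the REST client."""
    result = reply.get("result")
    if not isinstance(result, dict):
        return 502, {"error": "RPC call returned no result"}
    if result.get("state") != "SUCCESS" or result.get("proc_state") != "finished":
        # Assumption: any other workflow outcome is reported as "not found".
        return 404, {"error": "no matching certificate"}
    data = result.get("data", {})
    # Workflow internals (id, pid, proc_state) are not exposed to the client.
    return 200, {
        "id": data.get("cert_identifier"),
        "status": data.get("status"),
        "validity": {"not_before": data.get("notbefore"),
                     "not_after": data.get("notafter")},
        "pem": data.get("pem"),
    }
```

The dictionary returned by `rest_to_rpc` corresponds to the `-F` form fields of the curl calls in the thread; the wrapper sits in front of the RPC endpoint and should keep whatever authentication that endpoint enforces.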



Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-23 Thread Andreas.Soika
Hi Oliver,

thanks a lot!
Your reference to

"_map_certificate: [% Certificate.pem(...) %]"

… was close and guided me in the right direction, but – big surprise – it 
didn’t work.
Finally I found out that the following line works:

_map_pem: "[% USE Certificate %][% Certificate.pem(context.cert_identifier) %]"

Of course, I had to adjust the file enroll.yaml appropriately too:

[SearchCertificate]
workflow = certificate_search
param = common_name
output = cert_identifier, pem, notbefore, notafter, status

The result was pretty much what I had been searching for:

curl -s -F "method=SearchCertificate" -F "common_name=Rob Roberts" \
  http://localhost:8080/rpc/enroll | python -m json.tool
{
    "result": {
        "data": {
            "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg",
            "notafter": "2022-03-16T16:54:56",
            "notbefore": "2021-09-16T16:54:56",
            "pem": "-BEGIN CERTIFICATE-\nm …….. v9MRebfA=\n-END CERTIFICATE-",
            "status": "ISSUED"
        },
        "id": 0,
        "pid": 70,
        "proc_state": "finished",
        "state": "SUCCESS"
    }
}

So far, so good (and once again: thank you for your help!)

What remains open, is my question, how to switch from RPC to REST.
Could you give me a hint, how to achieve that?

Kind regards

Andreas






Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-20 Thread Oliver Welter
Hi Andreas,

at least in my world "key" in conjunction with certificate usually
refers to the private key

If you just want the certificate in the output all you need to do is to
add another line "_map_certificate: [% Certificate.pem(...) %] " in the
workflow's "get_certificate_data" action to write the PEM block to the
context key "certificate" and add this key in the output filter as
written in the post you already linked.

Oliver

On 20.09.21 at 19:28, andreas.so...@t-systems.com wrote:
>
> Hi all,
>
> Oliver wrote:
>
> > you will not be able to get the private key for a certificate using
> > the cert search as the key is not a property of the certificate.
> > If a key was generated on the PKI during the CSR workflow, you must use the
> > workflow for key export to extract it from the
> > database which will - with the default workflows - also require the
> > password used during creation.
>
> I think you got me wrong:
>
> I don’t want to retrieve the private key, instead, I want to be able
> to retrieve a certificate’s public key.
>
> With the default settings of the docker image, the Endpoint
> http://localhost:8080/rpc/enroll/SearchCertificate delivers only
> some of the key's metadata, not the public key itself.
>
> > I don't know what you are trying to achieve but it does not look like the
> > right approach for me - if you need keys on an
> > automated interface, it would be the better approach to have a RPC workflow
> > to create key and certificate at once
> > or even better hand over the key into the system.
>
> I just want to be able to search for a certificate (e.g. by common
> name) and retrieve its public key.
> This shall be done through REST calls.
>
> > If you prefer REST, it is easily possible by configuring the RPC interface
> > the right way.
>
> Would be nice, if you could give me a hint, how to achieve that.
>
> Kind regards
>
> Andreas
>
>
> *From: *Oliver Welter
> *Reply to: *"openxpki-users@lists.sourceforge.net"
> *Date: *Monday, 20 September 2021 at 07:58
> *To: *"openxpki-users@lists.sourceforge.net"
> *Subject: *Re: [OpenXPKI-users] How do I retrieve a Certificates key
> via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate
>
> Hi Andreas,
>
> you will not be able to get the private key for a certificate using
> the cert search as the key is not a property of the certificate. If a
> key was generated on the PKI during the CSR workflow, you must use the
> workflow for key export to extract it from the database which will -
> with the default workflows - also require the password used during
> creation.
>
> I don't know what you are trying to achieve but it does not look like
> the right approach for me - if you need keys on an automated
> interface, it would be the better approach to have a RPC workflow to
> create key and certificate at once or even better hand over the key
> into the system.
>
> If you prefer REST, it is easily possible by configuring the RPC
> interface the right way.
>
> Oliver
>
> On 16.09.21 at 21:09, andreas.so...@t-systems.com wrote:
>
> Hi all,
>
> I’m struggling to retrieve certificates (including the
> certificate’s key) from openXPKI via RPC-call (REST-call would be
> even better).
>
> Somehow, I managed to get the openxpki-docker containers from
> docker Hub up and running - so I am able to create certificates
> via WebUI.
>
> Also RPC-calls to the SearchCertificate method work fine:
>
> curl -s -F "method=SearchCertificate" -F "common_name=Rob Roberts" \
>   http://localhost:8080/rpc/enroll | python -m json.tool
> {
>     "result": {
>         "data": {
>             "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg",
>             "notafter": "2022-03-16T16:54:56",
>             "notbefore": "2021-09-16T16:54:56",
>             "status": "ISSUED"
>         },
>         "id": 0,
>         "pid": 71,
>         "proc_state": "

Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-20 Thread Andreas.Soika
Hi all,

Oliver wrote:
> you will not be able to get the private key for a certificate using the cert 
> search as the key is not a property of the certificate.
> If a key was generated on the PKI during the CSR workflow, you must use the 
> workflow for key export to extract it from the
> database which will - with the default workflows - also require the password 
> used during creation.

I think you got me wrong:

I don’t want to retrieve the private key, instead, I want to be able to 
retrieve a certificate’s public key.
With the default settings of the docker image, the Endpoint 
http://localhost:8080/rpc/enroll/SearchCertificate delivers only
some of the key's metadata, not the public key itself.

> I don't know what you are trying to achieve but it does not look like the 
> right approach for me - if you need keys on an
> automated interface, it would be the better approach to have a RPC workflow 
> to create key and certificate at once
> or even better hand over the key into the system.

I just want to be able to search for a certificate (e.g. by common name) and 
retrieve its public key.
This shall be done through REST calls.

> If you prefer REST, it is easily possible by configuring the RPC interface 
> the right way.

Would be nice, if you could give me a hint, how to achieve that.

Kind regards

Andreas


From: Oliver Welter 
Reply to: "openxpki-users@lists.sourceforge.net" 

Date: Monday, 20 September 2021 at 07:58
To: "openxpki-users@lists.sourceforge.net" 

Subject: Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call 
to http://localhost:8080/rpc/enroll/SearchCertificate

Hi Andreas,

you will not be able to get the private key for a certificate using the cert 
search as the key is not a property of the certificate. If a key was generated 
on the PKI during the CSR workflow, you must use the workflow for key export to 
extract it from the database which will - with the default workflows - also 
require the password used during creation.

I don't know what you are trying to achieve but it does not look like the right 
approach for me - if you need keys on an automated interface, it would be the 
better approach to have a RPC workflow to create key and certificate at once or 
even better hand over the key into the system.

If you prefer REST, it is easily possible by configuring the RPC interface the 
right way.

Oliver

On 16.09.21 at 21:09, andreas.so...@t-systems.com wrote:
Hi all,

I’m struggling to retrieve certificates (including the certificate’s key) from 
openXPKI via RPC-call (REST-call would be even better).
Somehow, I managed to get the openxpki-docker containers from docker Hub up and 
running - so I am able to create certificates via WebUI.

Also RPC-calls to the SearchCertificate method work fine:

curl -s -F "method=SearchCertificate" -F "common_name=Rob Roberts" \
  http://localhost:8080/rpc/enroll | python -m json.tool
{
    "result": {
        "data": {
            "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg",
            "notafter": "2022-03-16T16:54:56",
            "notbefore": "2021-09-16T16:54:56",
            "status": "ISSUED"
        },
        "id": 0,
        "pid": 71,
        "proc_state": "finished",
        "state": "SUCCESS"
    }
}

Looks perfect, but the key is missing!

Seems, that I have to change enroll.yaml AND the certificate_search workflow, 
to add the certificate’s key as an additional output field:
https://sourceforge.net/p/openxpki/mailman/openxpki-users/thread/26520814-81cf-2d0e-a8dd-431b6e4149ea%40oliwel.de/#msg36766216

But I don’t know, how to do that.
Could some of the experts give me advice?

As I am not a C# / Perl / OpenXPKI expert, I hope, you can help me with “easy 
to understand/digest” answers.
(of course: “ready to use” code-snippets/files would be perfect, but I do not 
dare to ask for that).

Kind regards

Andreas









--

Protect your environment -  close windows and adopt a penguin!


Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-19 Thread Oliver Welter
Hi Andreas,

you will not be able to get the private key for a certificate using the
cert search as the key is not a property of the certificate. If a key
was generated on the PKI during the CSR workflow, you must use the
workflow for key export to extract it from the database which will -
with the default workflows - also require the password used during
creation.

I don't know what you are trying to achieve but it does not look like
the right approach for me - if you need keys on an automated interface,
it would be the better approach to have a RPC workflow to create key and
certificate at once or even better hand over the key into the system.

If you prefer REST, it is easily possible by configuring the RPC
interface the right way.

Oliver

On 16.09.21 at 21:09, andreas.so...@t-systems.com wrote:
>
> Hi all,
>
> I’m struggling to retrieve certificates (including the certificate’s
> key) from openXPKI via RPC-call (REST-call would be even better).
>
> Somehow, I managed to get the openxpki-docker containers from docker
> Hub up and running - so I am able to create certificates via WebUI.
>
> Also RPC-calls to the SearchCertificate method work fine:
>
> curl -s -F "method=SearchCertificate" -F "common_name=Rob Roberts" \
>   http://localhost:8080/rpc/enroll | python -m json.tool
> {
>     "result": {
>         "data": {
>             "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg",
>             "notafter": "2022-03-16T16:54:56",
>             "notbefore": "2021-09-16T16:54:56",
>             "status": "ISSUED"
>         },
>         "id": 0,
>         "pid": 71,
>         "proc_state": "finished",
>         "state": "SUCCESS"
>     }
> }
>
> Looks perfect, but the key is missing!
>
> Seems, that I have to change enroll.yaml AND the certificate_search
> workflow, to add the certificate’s key as an additional output field:
> https://sourceforge.net/p/openxpki/mailman/openxpki-users/thread/26520814-81cf-2d0e-a8dd-431b6e4149ea%40oliwel.de/#msg36766216
>
> But I don’t know, how to do that.
>
> Could some of the experts give me advice?
>
> As I am not a C# / Perl / OpenXPKI expert, I hope, you can help me
> with “easy to understand/digest” answers.
> (of course: “ready to use” code-snippets/files would be perfect, but I
> do not dare to ask for that).
>
> Kind regards
>
> Andreas


-- 
Protect your environment -  close windows and adopt a penguin! 



[OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

2021-09-16 Thread Andreas.Soika
Hi all,

I’m struggling to retrieve certificates (including the certificate’s key) from 
openXPKI via RPC-call (REST-call would be even better).
Somehow, I managed to get the openxpki-docker containers from docker Hub up and 
running - so I am able to create certificates via WebUI.

Also RPC-calls to the SearchCertificate method work fine:

curl -s -F "method=SearchCertificate" -F "common_name=Rob Roberts" \
  http://localhost:8080/rpc/enroll | python -m json.tool
{
    "result": {
        "data": {
            "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg",
            "notafter": "2022-03-16T16:54:56",
            "notbefore": "2021-09-16T16:54:56",
            "status": "ISSUED"
        },
        "id": 0,
        "pid": 71,
        "proc_state": "finished",
        "state": "SUCCESS"
    }
}

Looks perfect, but the key is missing!

Seems, that I have to change enroll.yaml AND the certificate_search workflow, 
to add the certificate’s key as an additional output field:
https://sourceforge.net/p/openxpki/mailman/openxpki-users/thread/26520814-81cf-2d0e-a8dd-431b6e4149ea%40oliwel.de/#msg36766216

But I don’t know, how to do that.
Could some of the experts give me advice?

As I am not a C# / Perl / OpenXPKI expert, I hope, you can help me with “easy 
to understand/digest” answers.
(of course: “ready to use” code-snippets/files would be perfect, but I do not 
dare to ask for that).

Kind regards

Andreas

