Re: [OpenXPKI-users] How enable Intermediate certificate CRL.
Just a random thought, maybe into a wrong direction: Looks like you have a load balancer or web proxy inbetween, which does a permanent web redirect to another FQDN with a HTTP status code „301 Moved permanently“. Please try do implement a reverse proxy instead which does hide the redirect to the actual web server / OpenXPKI instance, containing the CRL. Greetings Achim > Am 24.09.2021 um 15:04 schrieb Martin Bartosch via OpenXPKI-users > : > > Hi, > >> We are facing the issue while validating the certificate using ocsp. We did >> a bit of R from our side and we found the following issue when we tried to >> use the following command. >> screenshot attached. > > The OpenXPKI OpenSource edition does not include an OCSP server, this is a > component of the OpenXPKI Enterprise Edition. > > I suggest you raise a support ticket with the vendor of your OCSP responder. > > Best regards, > > Martin > > > > ___ > OpenXPKI-users mailing list > OpenXPKI-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/openxpki-users ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] How enable Intermediate certificate CRL.
Hi, > We are facing the issue while validating the certificate using ocsp. We did a > bit of R from our side and we found the following issue when we tried to > use the following command. > screenshot attached. The OpenXPKI OpenSource edition does not include an OCSP server, this is a component of the OpenXPKI Enterprise Edition. I suggest you raise a support ticket with the vendor of your OCSP responder. Best regards, Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] How enable Intermediate certificate CRL.
Hi Martin, We are facing the issue while validating the certificate using ocsp. We did a bit of R from our side and we found the following issue when we tried to use the following command. screenshot attached. Thanking you, Sanju Kundu On Thu, Sep 23, 2021 at 7:15 PM Martin Bartosch wrote: > > We have already configured the above mentioned file.But We need to > enable CRL for Issuer (Issuer: CN=OpenXPKI Demo Issuing CA 20210917,) this > certificate. So that we can verify the intermediate certificate. Please > guide us which configuration file need to change. > > Also we are trying to enable CRL using the below command. > > > > # openxpkicmd --realm democa crl_issuance > > Workflow created (ID: 63743), State: CANCELED > > But we got a State: CANCELED message. > > This error message means that there are no usable Issuing CAs within the > specified PKI Realm which are due for a regular CRL issuance (and CRL > issuance was not forced). > > Without knowing your environment I can only guess that you either have no > active Issuing CAs configured at all or that the configured CRL renewal > period for each active Issuing CAs has not yet expired. > > Cheers > > Martin > > ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] How enable Intermediate certificate CRL.
Hello Martin, We have already configured the above mentioned file.But We need to enable CRL for Issuer (Issuer: CN=OpenXPKI Demo Issuing CA 20210917,) this certificate. So that we can verify the intermediate certificate. Please guide us which configuration file need to change. Also we are trying to enable CRL using the below command. # openxpkicmd --realm democa crl_issuance Workflow created (ID: 63743), State: CANCELED But we got a State: CANCELED message. Thanking you, Sanju Kundu On Thu, Sep 23, 2021 at 5:11 PM Martin Bartosch wrote: > > We are able to enable .p12 certificate CRL for certificate revocation. > But we need to enable CRL for intermediate certificates i.e our requirement. > > Screenshots are attached along with mail for more understanding. > > If you are asking where you can configure the CDP in the certificate > profile default: > > > https://github.com/openxpki/openxpki-config/blob/community/config.d/realm.tpl/profile/default.yaml#L93 > > Regards, > > Martin > > ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] How enable Intermediate certificate CRL.
> We are able to enable .p12 certificate CRL for certificate revocation. But we > need to enable CRL for intermediate certificates i.e our requirement. > Screenshots are attached along with mail for more understanding. If you are asking where you can configure the CDP in the certificate profile default: https://github.com/openxpki/openxpki-config/blob/community/config.d/realm.tpl/profile/default.yaml#L93 Regards, Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] How enable Intermediate certificate CRL.
> Please guide us to enable Intermediate certificate CRL in the openxpki > environment.We are using openxpki version 3.12 in our environment. I don't understand this question. Regards, Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
[OpenXPKI-users] How enable Intermediate certificate CRL.
Hello, Please guide us to enable Intermediate certificate CRL in the openxpki environment.We are using openxpki version 3.12 in our environment. Thanking you, Sanju Kundu ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users