hi, I am testing smartcard authentication with a yubikey neo like described in https://frasertweedale.github.io/blog-redhat/posts/2016-08-12-yubikey-sc-login.html
I successfully generated a key using the yubico-piv-tool, and with that a csr. yubico-piv-tool -a verify-pin -a request-certificate -s 9e -S "/CN=user50/" Enter PIN: Successfully verified PIN. -----BEGIN CERTIFICATE REQUEST----- MIICVjCCAT4CAQAwETEPMA0GA1UEAwwGdXNlcjUwMIIBIjANBgkqhkiG9w0BAQEF AAOCAQ8AMIIBCgKCAQEAkWjUxl0qInlYB4TiZ7GkJkgBdomTTzk5GfK76ZizbsGV 4xyPmUgf+7eEO3GEvkGiBPJxk0NVJuamuEJTIXtn7h7Wgz6ghCE0uCCupjAJqa57 Hdm3h3GvofwWuE442YIRHvXydaSkrCAGsL/M3g4tVi7Xn+jTaWrzKsAeqJxQVRPD h4R9bN4BIzXL+62qGI9jriM8dJEWCrGFzg6viCujRlybkhQhiLxCGvS8lO3HQ7tF lDRZN6Ey/nvFxIC1MtGZgrN3nj/Z37nIBWF4s20CcJau8mfalJQEFjqLkjMh7X8K hWKrSdNj43nBTlO0So3qezs4roLkZFSN1hQnCG/pCQIDAQABoAAwDQYJKoZIhvcN AQELBQADggEBAH22PLW7Tuc6y5VxIpnaqdsborbp+Twr/kPoDnibJPjV8JBYqC4G iQCHDJn+uuJSpiBxTUtYX45CscOiwD8kiDoYIH/DCXUqPAhRudsBpJWDn9TKeFC5 b0PrwuN5cDo+yKYZW590eLL8/xdjtb9p/M3AU5tSJTbG3dCA5Rp4MdgE97pOYkPg 3kUHR19YjH/GnZHeuv8Af+WIJVMvDVGKF+MvJEImSjg/ZQUV6hzBI+oAWr9Hj21q KABjiO5AhMyo+uC6WXajkltzUP30cbBlNl0Z34Dw452Ym5uILWAF+ZmlT0sp0Mg4 lwNPSwst5mhUtQL7AmNHYHg7cAAgXx9Xql0= -----END CERTIFICATE REQUEST----- Successfully generated a certificate request. With this csr I try generating a certificate but it fails: $ ipa cert-request user50.csr --principal user50 --raw ipa: ERROR: Request failed with status 500: Non-2xx response from CA REST API: 500. Invalid Request In the pki logs I only see this error. 192.168.5.10 - ipara [08/Nov/2018:22:37:12 +0100] "GET /ca/rest/authorities/edb13864-3c75-4c7d-b5b8-dd4322789437/cert HTTP/1.1" 200 920 192.168.5.10 - ipara [08/Nov/2018:22:37:12 +0100] "GET /ca/rest/account/logout HTTP/1.1" 204 - 192.168.5.10 - - [08/Nov/2018:22:37:13 +0100] "POST /ca/rest/certrequests?issuer-id=edb13864-3c75-4c7d-b5b8-dd4322789437 HTTP/1.1" 500 123 Any ideas as to what is going wrong? Thanks! -- Groeten, natxo
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org