Hi Antonio,
sorry I did not see the changes you made in the code. When using the RPC
Layer the signature parameter is in context.signature, the stuff with
the url_ prefix is only used in SCEP and EST to map metadata into the
context. The RPC implementation does NOT allow arbitraty parameters i
Hello Oliver.
Sorry, maybe I couldn't explain my situation as well.
The original example (in the config repository) has eligibility check based
on the subject of the CSR using the regex (matching every FQDN having
openxpki.test)
For testing purposes, I keep this regex but to matching against the
Hello Antonio,
if you see a state PENDING, the MAC signature was accepted. The example
eligibility code generates the required approval point if the FQDN used
as the common name ends on "openxpki.test". I am pretty sure you will
see the certificate being issued when you use such a CSR. If you
Hello Oliver.
A really appreciate your support. I was able to authenticate the RPC
request.
Now, I want to auto-approve the request based on the Eligibility criteria
set in the *my-realm/rpc/enroll.yaml:*
eligible:
initial:
value@: connector:rpc.enroll.connector.intranet
args:
Hello Antonio,
the HMAC Secret is defined in the rpc/enroll.yaml configuration and the
expected value is an HMAC256 (hex notation) of the DER encoded CSR.
best regards
Oliver
On 05.08.23 06:36, Antonio Gamboa wrote:
Hi Oliver.
I could set up the RPC API successfully, thanks.
But, I have t
Hi Oliver.
I could set up the RPC API successfully, thanks.
But, I have the following question, How I could create the signature
parameter in the RPC request? It is the HMAC authentication, right?
I want to send this signature to make an authenticated request in order to
avoid manual authorizatio
Hi Antonio,
I am sorry that all looks fine and I have no clue why this is not working.
Oliver
On 17.07.23 17:43, Antonio Gamboa wrote:
Hi Oliver.
I think a have the correct realm [rpc/enroll.conf] :(
[global]
log_config = /etc/openxpki/rpc/log.conf
log_facility = client.rpc
socket = /var/ope
Hi Oliver.
I think a have the correct realm [rpc/enroll.conf] :(
[global]
log_config = /etc/openxpki/rpc/log.conf
log_facility = client.rpc
socket = /var/openxpki/openxpki.socket
realm = df
#locale_directory: /usr/share/locale
default_language = en_US
[auth]
stack = _System
[input]
allow_raw_po
Hi Antonio,
it seems you have changed the name of the realm - did you also changed
this in the rpc/enroll.conf ?
Oli
Am 15.07.23 um 20:17 schrieb Antonio Gamboa:
Hi Oliver, thanks
I am sorry to be such a bother with this configuration.
I have the endpoint definitions in //etc/openxpki/rpc/
Hi Oliver, thanks
I am sorry to be such a bother with this configuration.
I have the endpoint definitions in */etc/openxpki/rpc/enroll.conf,* so I
guess the configuration for certificate profile must be in
*config.d/realm/df/rpc/enroll.yaml * (it's there)
My rpc call/enpoint is [POST] https://
Hello Antonio,
there is one pitfall that has not been fixed in the community workflow
yet :(
The name of the endpoint is derived from the URL path and used to find
the configuration file. Due to the nature of the configuration tree of
OpenXPKI, no error is triggered when this configuration f
Hi Martin.
Thanks for your response.
I think the certificate profile 'tls_server' is OK (I have the profile in
the profiles' directory) even, I can see it and use it on the web UI.
I tried specifying the certificate profile in the RPC request (tls-server,
due to the mapping) but the message is th
Hi,
> I'm trying to issue a certificate using the default RPC configuration
> (RequestCertificate method) but a get :
> {
> "result": {
> "id": 3583,
> "proc_state": "finished",
> "state": "FAILURE",
> "data": {
> "transaction_id": "723c94cd1fba71e9
Hi Oliver.
I'm trying to issue a certificate using the default RPC configuration
(RequestCertificate method) but a get :
{
"result": {
"id": 3583,
"proc_state": "finished",
"state": "FAILURE",
"data": {
"transaction_id": "723c94cd1fba71e96d1a5c240fde
Hi Oliver.
I really appreciate your quick response. I will give it a try.
Thanks.
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
Hi Antonio,
the certificate_privkey_export workflow is for downloading a key from
the datapool that was generated earlier by the WebUI based CSR workflow
so this is not really what you are looking for. The regular enrollment
workflow expects a properly formated CSR and there is nothing inside
16 matches
Mail list logo
