Hi,
Several months ago, I was asking if I can use SAN_EMAIL field as the email
notification
for anonymous EST request submission.
I had other projects to deal with, so did not investigate further. Now I am
back on this
again and I upgraded release to 3.26 (both software and config).
There are
I have successfully used YubiHSM2 (FIPS version). I used the label name for the
signing key:
key: "slot_0-label_"
Cheers,
Lixin.
From: Montajab Saleh
Sent: Thursday, September 28, 2023 2:19 AM
To: openxpki-users@lists.sourceforge.net
Subject: [OpenXPKI-users] OpenXPKI woth YubiHSM2 -
successfully, do you think that I did the
configuration correctly?
Thanks
On Thu, Sep 28, 2023 at 7:31 PM Lixin Liu mailto:l...@sfu.ca>>
wrote:
I have successfully used YubiHSM2 (FIPS version). I used the label name for the
signing key:
key: "slot_0-label_"
C
need to change the
"_map_notify_to" expression to point either to the hash of the parsed
subject ([% context.cert_subject_parts.SAN_EMAIL.0 %] should work) or
use the metadata which you have defined earlier via the Templating
plugins (Certificate.attr(...)).
Oliver
On 18.09.23 18:53,
critical: 0
user_notice:
- My note
I don't think this is correct. What is the correct syntax to use?
Thank you very much.
Lixin Liu
HPC System Architect
Simon Fraser University
___
OpenXPKI-users mailing list
OpenXPKI-users
:35 AM, "Lixin Liu" mailto:l...@sfu.ca>> wrote:
Hi,
I am new to OpenXPKI, so this may be a simply question, how do I define 2
policy identifiers in the profile?
I want to do something like:
policy_identifier:
oid: 1.2.3.4.5
critical: 0
cps:
- http://localhos
ers] Define 2 policy identifiers in certificate profile
Hi Lixin,
the syntax is correct but you can remove the empty "oid:", it is not required
in that case.
Oliver
On 25.01.23 20:08, Lixin Liu wrote:
To answer the question myself, this seems to work:
policy_identifier:
Hi Martin,
Sorry I am new to OpenXPKI product and still trying to learn how to customize
to my need.
I am not sure how to define a new endpoint. Should I create a new ScriptAlias
in Apache
configuration to, say /.well-known/user-est and then create a directory
user-est with its
configuration
Hi,
I am hitting another error when publishing a cert (to a local file). I see the
cert file is written
to local directory, but with a 777 permission which I think is wrong.
Here is the error message right after publishing is finished.
2023/02/25 18:19:34 INFO Workflow
Hi Martin,
Thanks! This is very helpful.
Add permission mode appears to work correct for new cert publishing. And,
thanks to your sharp eye,
removing extra "I" in "RA Operator.yaml" file, line 329, does clear the error.
I also noticed errors in stderr.log file:
Use of uninitialized
ty much that you are missing the
CGI::Session::OpenXPKI driver module - this sits in the core repo but is
not build/installed by the main Makefile.
Oli
PS: RHEL8 packages are available via our enterprise edition - if this
would be an option, feel free to contact me.
On 17.02.23 23:44, Lixin Liu wr
Hi,
Questions about setting up openxpki.
First, I can issue CRL correctly, but I am unable to publish it (to local
directory). Here is the log:
2023/02/21 12:37:37 openxpki.workflow.INFO Workflow
255/crl_issuance/PUBLISH_CRL executed 'global_noop' (autorun) in state
'LOAD_NEXT_CA'
Hi,
I am very close to start open my CA implementation to our subscribers for beta
testing.
One remaining issue is I am unable to setup notification correctly.
From what I see, the option provided in “info” fields are used for email
notifications.
But it is not possible to do for anonymous
Hi,
I have built the development VM for OpenXPI and appears to be stable on
Rocky/AlmaLinux 9.
Need to modify Makefile.PL to allow using openssl 3.0. And I use YubiHSM2 for
signing.
This week, I started a production VM but running into an error in UI which I
cannot see why.
On the client web
nd was never
really supported by the 3.x release - it is left there mainly as a reference
and you are right, the san_email template is missing in the configuration. The
suggested way is to use a matching template in the subject section which looks
like you already did.
Oliver
On 21.02.23 22:02, Lixi
file for writing at
/usr/local/share/perl5/5.32/Connector/Builtin/File/Path.pm line 156,
line 1.
If I touch the CRL file first, I am able to public the new CRL.
Cheers,
Lixin.
From: Lixin Liu
Date: Tuesday, February 21, 2023 at 1:02 PM
To: "openxpki-users@lists.sourceforge.net"
I think I figured out what I missed. I need to create a custom.conf file in
global est directory.
I can now create new request with proper profile option now.
Cheers,
Lixin.
On 2023-02-02, 10:46 AM, "Lixin Liu" mailto:l...@sfu.ca>> wrote:
Turning on DEBUG, I am seeing
Hi,
I have only one CA, but is it possible to configure EST with 2 different
profiles?
I would like to setup one for User certs. and one for TLS server certs.
Thanks,
Lixin.
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
re control over the "outer" wrapper
configuration, also create an appropriate file est/custom.conf - if this
is not present, it will inherit from default.
HTH
Oliver
On 02.02.23 04:31, Lixin Liu wrote:
> Hi Martin,
>
> Sorry I am new to OpenXPKI product and still trying to
=System|sid=Ki4O|wftype=certificate_enroll|wfid=22527]
Any hint how where I should look?
Thanks,
Lixin.
On 2023-02-02, 8:19 AM, "Lixin Liu" mailto:l...@sfu.ca>> wrote:
Hi Oliver,
Thanks for your reply.
I followed your suggestion to create estcustom.yaml file
Hi Scotty,
I am new to OpenXPKI and still learning, so my experience is very limited.
I have not used SCEP, have only tried EST with custom configuration. My changes
are mostly
related to SAN field, but it is likely similar to what you need to do.
I think you need to create a CSR with all
Hi James,
I am using "peer" instead of "trust" in my pg_hba.conf. You may want to try
this.
Cheers,
Lixin.
On 2024-02-06, 10:21 AM, "James B. Byrne via OpenXPKI-users"
mailto:openxpki-users@lists.sourceforge.net>> wrote:
PostgreSQL-16
FreeBSd-13.2p9
I am trying to setup openxpki using
22 matches
Mail list logo
