[OpenXPKI-users] scep enrollment request in PENDING

2015-12-18 Thread Cho Chan
Hello openxpki-users, I followed the quickstart guide to test the scep functionality, but all of my requests via scep are in PENDING status and need manual intervention from the Operator to approve them via the WEB UI. I tried to change some of the configuration parameters in scep-server-1.yaml like

[OpenXPKI-users] openxpki on CentOS 7.1

2016-01-12 Thread Cho Chan
Hello all, I am trying to build/install openxpki on CentOS/RHEL 7 but till now without success. I am facing perl lib dependencies if I try to build it from source... Has someone tried to use it/build it successfully on CentOS/RHEL 7? I searched in the mailing list/google and managed to find only th

Re: [OpenXPKI-users] openxpki support for crl download using http

2016-05-18 Thread Cho Chan
Hi Bhagyashree, I think in Debian - apache mod_cgi is not enabled by default. Check in /etc/apache2/mods-enabled if you have cgid.conf and cgid.load correctly pointing to the same files in ../mods-available/. Something like: lrwxrwxrwx 1 root root 27 Apr 5 16:08 cgid.conf -> ../mods-available/cgi

[OpenXPKI-users] HSM support

2016-05-18 Thread Cho Chan
Hi all, Does openxpki support PKCS#11 via OpenSC? I am asking if I can use openxpki with low-end HSMs such as SmartCard-HSM or Nitrokey HSM? I tried to find something in the documentation but without success. If someone is able to provide me with more details I would be grateful! Thanks. Cho

Re: [OpenXPKI-users] Fwd: openxpki support for scep

2016-05-18 Thread Cho Chan
> http://yourhost/scep/scep > > As we are getting below error > > I18N_OPENXPKI_CLIENT_SCEP_INVALID_OP > > Thanks, > Bhagyashree. > > > > On Wed, May 18, 2016 at 4:05 PM, Cho Chan wrote: > >> Hi Bhagyashree, >> >> I think in Debian - apache mod

Re: [OpenXPKI-users] HSM support

2016-05-24 Thread Cho Chan
Thanks Oliver and Martin. I ordered one USB hsm device compatible with openSC and after I receive it I will do some tests. Regards, Cho On Wed, May 18, 2016 at 7:04 PM, Oliver Welter wrote: > Am 18.05.2016 um 15:49 schrieb Martin Bartosch: > > A rudimentary PKCS#11 driver exists and AFAIR wor

[OpenXPKI-users] CA with 3 or more levels

2017-01-09 Thread Cho Chan
Hi all, I think I read somewhere in the mailing list that there is a possibility to import CA structure with 3 levels (or more). Can you please share how this can happen with some examples if possible? I want to import structure similar to RootCA -> PolicyCA -> Issuing CA -> end entity SSL certs

[OpenXPKI-users] problems with issuing CRL via openxpkicmd

2017-01-24 Thread Cho Chan
Hi all, I am having some troubles with trying to issue CRL via openxpkicmd. I am receiving the following error: 'I18N_OPENXPKI_SERVER_ACL_AUTHORIZE_WORKFLOW_CREATE_PERMISSION_DENIED' Full output of the command: $ openxpkicmd --socketfile /var/openxpki/openxpki.socket --authstack "Operator" --au

Re: [OpenXPKI-users] problems with issuing CRL via openxpkicmd

2017-01-25 Thread Cho Chan
rkflow to Anonymous, > so you can leave out the auth* parameters and simply say: > > openxpkicmd --realm ca-two crl_issuance > > Oliver > > > Am 24.01.2017 um 16:16 schrieb Cho Chan: > >> Hi all, >> >> I am having some trou

[OpenXPKI-users] custom tls client profile and problems with ExtractCSR during scep enroll

2017-03-14 Thread Cho Chan
Hi all, I created a custom profile for tls client certs containing: [..] 00_basic_style: label: I18N_OPENXPKI_UI_PROFILE_TLS_CLIENT_BASIC_LABEL description: I18N_OPENXPKI_UI_PROFILE_TLS_CLIENT_BASIC_DESC ui: subject: - username

[OpenXPKI-users] Changing password policy

2017-05-10 Thread Cho Chan
Hi all, is there a possibility to change password policy in the Enter a Password / Certificate Signing Request (CSR) workflow: "Password must contain at least 8 chars from 2 character groups (lower/upper/digit/special)." Thank you in advance! Regards, Cho ---

Re: [OpenXPKI-users] Changing password policy

2017-05-11 Thread Cho Chan
Hi Oliver, Works as you described! Thanks for the hint! Regards, Cho On Thu, May 11, 2017 at 7:54 AM, Oliver Welter wrote: > Hello Cho, > > is there a possibility to change password policy in the Enter a Password >> / Certificate Signing Request (CSR) workflow: >> >> "Password must contain at

[OpenXPKI-users] Adding RootCA in pkcs12/jks private key download

2017-05-17 Thread Cho Chan
Hi all, when I download private key in pkcs12/jks format -> the generated file format contains private key, public certs + Issuing/Intermediate CA. Is there a possibility to include also RootCA inside? I found out the following workflow: certificate_privkey_export.yaml containing the class OpenXP

Re: [OpenXPKI-users] Adding RootCA in pkcs12/jks private key download

2017-05-19 Thread Cho Chan
"KEEPROOT => 1" to the parameter list. You should make a copy > of the file and rename it, otherwise it will be overriden by the next > update. > > > > Oli > > > > > > Am 17.05.2017 um 12:14 schrieb Cho Chan: > >> Hi all, > >> > &

Re: [OpenXPKI-users] OpenXPKI request CRL with JSCEP

2017-06-08 Thread Cho Chan
Hi Oliver, I will use the same thread as it is related to getcrl. I am trying to get the CRL via SCEP using sscep, but I am receiving the following error: 2017/06/08 15:44:21 openxpki.system.ERROR:7980 [OpenXPKI::Exception (/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Exception.pm:109); scep-ser

Re: [OpenXPKI-users] OpenXPKI request CRL with JSCEP

2017-06-09 Thread Cho Chan
t and from there it tries to find CRL.and it fails. Please correct me if I am wrong somewhere. Thank you in advance! Regards, Cho On Fri, Jun 9, 2017 at 8:15 AM, Oliver Welter wrote: > Hi Cho, > > I can not really make any sense of that...it looks like OpenXPKI finds the > corr

[OpenXPKI-users] Problem requesting SSL certificate via scep with san containing IP address

2017-12-14 Thread Cho Chan
Hi all, Via web interface I can issue and sign certificate with SAN containing DNS names + IP addresses, but when I try to request certificate via scep with CSR with SAN containing DNS names + IP addresses it fails. When I am requesting certificate via scep with CSR with SAN containing only DNS n

Re: [OpenXPKI-users] OpenXPKI 3.0 / Buster - Beta Testers wanted

2019-09-03 Thread Cho Chan
Hi Oliver, I am interested also to test. Thanks, Cho On Thu, Aug 22, 2019 at 5:18 PM Jefferson Dümes wrote: > Hi people, > > I'm interested. > > Cheers, > Jeff > > > On Thu, 22 Aug 2019 at 15:47, Oliver Welter wrote: > >> Dear OpenXPKI Fellows, >> >> it's nearly done - we are approaching the r

[OpenXPKI-users] Create a Custom Role for signing/revoking certificates

2024-08-19 Thread Cho Chan
Hello list, I am trying to create a custom role (like 'SA Operator') to be used only for signing/revoking/searching certificates. My steps are: 1. Create a custom role in '/etc/openxpki/config.d/realm/testca/roles.yaml' 2. Create proper connector, handler and stack for the custom role 3. Create '

Re: [OpenXPKI-users] Create a Custom Role for signing/revoking certificates

2024-08-20 Thread Cho Chan
an EE license, there is a nice set of modules for such > cases :D > > Oliver > On 19.08.24 23:22, Cho Chan wrote: > > Hello list, > > I am trying to create a custom role (like 'SA Operator') to be used only > for signing/revoking/searching certificates.