Hello openxpki-users,
I followed the quickstart guide to test the scep functionality, but all of
my requests via scep are in PENDING status and needs manual intervention
from Operator to approve it via the WEB UI.
I tried to change some of the configuration parameters in
scep-server-1.yaml like
Hello all,
I am trying to build/install openxpki on CentOS/RHEL 7 but till now without
success. I am facing perl lib dependencies if I try to build it from
source... Is someone tried to use it/build it successfully on CentOS/RHEL
7?
I searched in the mailing list/google and manage to find only th
Hi Bhagyashree,
I think in Debian - apache mod_cgi is not enabled by default. Check in
/etc/apache2/mods-enabled if you have cgid.conf and cgid.load correctly
pointing to the same files in ../mods-available/.
Something like:
lrwxrwxrwx 1 root root 27 Apr 5 16:08 cgid.conf ->
../mods-available/cgi
Hi all,
Is openxpki supports PKCS#11 via OpenSC?
I am asking if I can use openxpki with low-end HSMs such as SmartCard-HSM
or Nitrokey HSM?
I tried to find something in the documentation but without success. If
someone is able to provide me with more details I would be grateful!
Thanks.
Cho
t; http://yourhost/scep/scep
>
> As we are getting below error
>
> I18N_OPENXPKI_CLIENT_SCEP_INVALID_OP
>
> Thanks,
> Bhagyashree.
>
>
>
> On Wed, May 18, 2016 at 4:05 PM, Cho Chan wrote:
>
>> Hi Bhagyashree,
>>
>> I think in Debian - apache mod
Thanks Oliver and Martin.
I ordered one USB hsm device compatible with openSC and after I receive it
I will do some tests.
Regards,
Cho
On Wed, May 18, 2016 at 7:04 PM, Oliver Welter wrote:
> Am 18.05.2016 um 15:49 schrieb Martin Bartosch:
>
> A rudimentary PKCS#11 driver exists and AFAIR wor
Hi all,
I think I read somewhere in the mailing list that there is a possibility to
import CA structure with 3 levels (or more).
Can you please share how this can happen with some examples if possible?
I want to import structure similar to
RootCA -> PolicyCA -> Issuing CA -> end entity SSL certs
Hi all,
I am having some troubles with trying to issue CRL via openxpkicmd. I am
receiving the following error:
'I18N_OPENXPKI_SERVER_ACL_AUTHORIZE_WORKFLOW_CREATE_PERMISSION_DENIED'
Full output of the command:
$ openxpkicmd --socketfile /var/openxpki/openxpki.socket --authstack
"Operator" --au
rkflow to Anonymous,
> so you can leave out the auth* parameters and simply say:
>
> openxpkicmd --realm ca-two crl_issuance
>
> Oliver
>
>
> Am 24.01.2017 um 16:16 schrieb Cho Chan:
>
>> Hi all,
>>
>> I am having some trou
Hi all,
I created a custom profile for tls client certs containing:
[..]
00_basic_style:
label: I18N_OPENXPKI_UI_PROFILE_TLS_CLIENT_BASIC_LABEL
description: I18N_OPENXPKI_UI_PROFILE_TLS_CLIENT_BASIC_DESC
ui:
subject:
- username
Hi all,
it there a possibility to change password policy in the Enter a Password /
Certificate Signing Request (CSR) workflow:
"Password must contain at least 8 chars from 2 character groups
(lower/upper/digit/special)."
Thank you in advance!
Regards,
Cho
---
Hi Oliver,
Works as you described!
Thanks for the hint!
Regards,
Cho
On Thu, May 11, 2017 at 7:54 AM, Oliver Welter wrote:
> Hello Cho,
>
> it there a possibility to change password policy in the Enter a Password
>> / Certificate Signing Request (CSR) workflow:
>>
>> "Password must contain at
Hi all,
when I download private key in pkcs12/jks format -> the generated file
format contains private key, public certs + Issuing/Intermediate CA. Is
there a possibility to include also RootCA inside?
I found out the following workflow: certificate_privkey_export.yaml
containing the class
OpenXP
"KEEPROOT => 1" to the parameter list. You should make a copy
> of the file and rename it, otherwise it will be overriden by the next
> update.
> >
> > Oli
> >
> >
> > Am 17.05.2017 um 12:14 schrieb Cho Chan:
> >> Hi all,
> >>
> &
Hi Oliver,
I will use the same thread as it is related to getcrl. I am trying to get
the CRL via SCEP using sscep, but I am receiving the following error:
2017/06/08 15:44:21 openxpki.system.ERROR:7980 [OpenXPKI::Exception
(/usr/lib/x86_64-linux-gnu/perl5/5.20/OpenXPKI/Exception.pm:109);
scep-ser
t and
from there it tries to find CRL.and it fails.
Please correct me if I am wrong somewhere.
Thank you in advance!
Regards,
Cho
On Fri, Jun 9, 2017 at 8:15 AM, Oliver Welter wrote:
> Hi Cho,
>
> I can not really make any sense of that...it looks like OpenXPKI finds the
> corr
Hi all,
Via web interface I can issue and sign certificate with SAN containing DNS
names + IP addresses, but when I try to request certificate via scep with
CSR with SAN containing DNS names + IP addresses it fails.
When I am requesting certificate via scep with CSR with SAN containing only
DNS n
Hi Oliver,
I am interested also to test.
Thanks,
Cho
On Thu, Aug 22, 2019 at 5:18 PM Jefferson Dümes
wrote:
> Hi people,
>
> I'm interested.
>
> Cheers,
> Jeff
>
>
> On Thu, 22 Aug 2019 at 15:47, Oliver Welter wrote:
>
>> Dear OpenXPKI Fellows,
>>
>> its nearly done - we are approaching the r
Hello list,
I am trying to create a custom role (like 'SA Operator') to be used only
for signing/revoking/searching certificates.
My steps are:
1. Create a custom role in '/etc/openxpki/config.d/realm/testca/roles.yaml'
2. Create proper connector, handler and stack for the custom role
3. Create '
an EE license, there is a nice set of modules for such
> cases :D
>
> Oliver
> On 19.08.24 23:22, Cho Chan wrote:
>
> Hello list,
>
> I am trying to create a custom role (like 'SA Operator') to be used only
> for signing/revoking/searching certificates.
20 matches
Mail list logo