Re: [OpenXPKI-users] Signature in the I18N_OPENXPKI_WF_ACTION_APPROVE_CSR activity

Mon, 12 Jan 2009 04:40:23 -0800 

Hi Dmitry,

On Sun, Jan 11, 2009 at 06:08:38PM +0500, Dmitry Golomolzin wrote:
> We tried to issue new certificate and faced some troubles during the
> process of the certificate approval (see our questions marked by â  ###
> â   prefix below).

> my $serialized_context = OpenXPKI::Serialization::Simple->new()->
> serialize($current_context);
> 
> my $context_hash = sha1_hex($serialized_context);
> 
> my $params = {};
> 
> $params{'_signature'} = ?????;
> 
> ### Question: What kind of signature should we use here?

This signature is generated by Mozilla's crypto.signText() 
or CAPICOM's SignedData.Sign() method. Do you really need the
signature? In a normal deployment, you should be able to approve
without signature, the signature-based approval is just an optional
additional feature with added security.

> $msg = $client->send_receive_command_msg('execute_workflow_activity',{
> 
> ACTIVITY=>"I18N_OPENXPKI_WF_ACTION_APPROVE_CSR",
> 
> ID=>$w_id,
> 
> PARAMS=>$params,

try PARAMS => {}, for a start

> ### Then we used 'I18N_OPENXPKI_WF_ACTION_PERSIST_CSR' activity without
> additional parameters, but got the following error:
> 
> $VAR1 = {
> 'LIST' => [
> {
> 'LABEL' =>
> 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_TOOLS_FORKWORKFLOWINSTANCE_ERROR_FORKING',
> 'PARAMS' => {
> '__EVAL_ERROR__' =>
> 'I18N_OPENXPKI_SERVER_WORKFLOW_ACTIVITY_TOOLS_FORKWORKFLOWINSTANCE_ERROR_EXECUTING_ACTIVITY;
> __STATE__ => ; __EVAL_ERROR__ =>
> I18N_OPENXPKI_ACTIVITY_TOOLS_DETERMINEISSUINGCA_NO_MATCHING_CA;
> __REQUESTED_NOTAFTER__ => 2009-07-11T12:22:29'
> }
> }
> ],
> 'SERVICE_MSG' => 'ERROR'
> };
> 
> ### Question: What may be the cause of this error?

The error typically means that you do not have a CA installed that can
satisfy the requested notafter date - did you install a CA certificate
yet? If so, does it run out before August 2009?

HTH,
Cheers,
  Alex
-- 
Dipl.-Math. Alexander Klink | IT-Security Engineer
        [email protected] | working @ urn:oid:1.3.6.1.4.1.11417

Attachment: smime.p7s
Description: S/MIME cryptographic signature

------------------------------------------------------------------------------
Check out the new SourceForge.net Marketplace.
It is the best place to buy or sell services for
just about anything Open Source.
http://p.sf.net/sfu/Xq1LFB
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Reply via email to