Hello everybody!
I try to generate server certificate using OpenXPKI. My steps:
1. Login as root
2. Set secret part
3. Create workflow:
$msg = $client->send_receive_command_msg(
'create_workflow_instance',
{
WORKFLOW => 'I18N_OPENXPKI_WF_TYPE_CERTIFICATE_SIGNING_REQUEST',
PARAMS => {
'cert_info' => $ser->serialize($info),
'cert_profile' => 'I18N_OPENXPKI_PROFILE_TLS_SERVER',
'cert_role' => 'Web Server',
'cert_subject_alt_name_parts' => "HASH\n0\n",
'cert_subject_parts' => $ser->serialize($subjectparts),
'cert_subject_style' => '00_tls_basic_style',
'csr_type' => 'pkcs10',
},
},
);
4. Generate key, Logout
5. Login as RA Operator
6. Approve CSR
7. Persist CSR
8. Logout
I try to download private key using web-interface. As you know it's possible
to download private key in different formats:
1. PKCS #8 (PEM)
2. PKCS #8 (DER)
3. OpenSSL (PEM)
So when I try to do this in OpenSSL (PEM) format I got error after password
entering: "Password is incorrect, try another one". But I know that this
password is correct and when I try to load private key in PKCS #8 (PEM) for
example, or in PKCS #8 (DER) or download certificate + private key there is
no any problems and password is accepted.
Maybe any of my steps in certificate generating were incorrect? There were
no any errors in openxpki-log.
kind regards
Elvira
------------------------------------------------------------------------------
The NEW KODAK i700 Series Scanners deliver under ANY circumstances! Your
production scanning environment may not be a perfect world - but thanks to
Kodak, there's a perfect scanner to get the job done! With the NEW KODAK i700
Series Scanner you'll get full speed at 300 dpi even with all image
processing features enabled. http://p.sf.net/sfu/kodak-com
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
