Hi again,
I have worked through a "test plan" which I have set up for myself with
the default TESTDUMMYCA and got to the following point:
- Sign in as root and unlock CA key -> successful
- Issue CRL -> successful
- Request CA Operator Certificate using basic template -> successful
- Login as raop and approve CSR without signature -> successful
- Request RA Operator Certificate using basic template -> successful
- Login as root using external static mode and approve CSR without
signature -> successful
- Login as John Doe and request User Certificate using basic template ->
successful
- Login as raop with digital signature -> successful
- Approve CSR with digital signature -> error
I have already configured my trust_anchors in auth.xml,
workflow_validator_certificate_revocation_request.xml and
workflow_validator_certificate_signing_request.xml
to
I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA.
Here is what the webinterface returns:
--------------------------------------------
Error
I18N_OPENXPKI_SERVER_WORKFLOW_VALIDATOR_APPROVALSIGNATURE_SIGNATURE_INVALID
Raw Error Data:
{
'LIST' => [
{
'LABEL' =>
'I18N_OPENXPKI_SERVER_WORKFLOW_VALIDATOR_APPROVALSIGNATURE_SIGNATURE_INVALID',
'PARAMS' => {}
}
],
'SERVICE_MSG' => 'ERROR'
}
Certificate Revocation Request: Approval
To approve this certificate revocation request, you can either approve
with out without signature. Please choose the appropriate button to
approve the certificate revocation request.
--------------------------------------------
I can still approve the CSR without signature after that. This is the
content of /var/log/openxpki.log during approval:
--------------------------------------------
2011/03/30 13:48:54 openxpki.system.DEBUG [OpenXPKI::Crypto::CLI
(/usr/lib/perl5/OpenXPKI/Crypto/CLI.pm:182); raop(RA Operator)@f644]
Exception: I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_CHILD_ERROR; _
_SIGNAL__ => 0; __EXIT_CODE__ => 1
2011/03/30 13:48:54 openxpki.system.DEBUG [OpenXPKI::Crypto::CLI
(/usr/lib/perl5/OpenXPKI/Crypto/CLI.pm:182); raop(RA Operator)@f644]
Exception: I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_CHILD_ERROR; _
_SIGNAL__ => 0; __EXIT_CODE__ => 1
2011/03/30 13:48:54 openxpki.system.DEBUG [OpenXPKI::Crypto::Toolkit
(/usr/lib/perl5/OpenXPKI/Crypto/Toolkit.pm:464); raop(RA Operator)@f644]
Exception: I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; _
_COMMAND__ => OpenXPKI::Crypto::Tool::PKCS7::Command::verify; __ERRVAL__
=> I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_CHILD_ERROR; __SIGNAL__ => 0;
__EXIT_CODE__ => 1
2011/03/30 13:48:54 openxpki.system.DEBUG [OpenXPKI::Crypto::Toolkit
(/usr/lib/perl5/OpenXPKI/Crypto/Toolkit.pm:464); raop(RA Operator)@f644]
Exception: I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; _
_COMMAND__ => OpenXPKI::Crypto::Tool::PKCS7::Command::verify; __ERRVAL__
=> I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_CHILD_ERROR; __SIGNAL__ => 0;
__EXIT_CODE__ => 1
2011/03/30 13:48:54 openxpki.system.WARN
[OpenXPKI::Server::Workflow::Validator::ApprovalSignature
(/usr/lib/perl5/OpenXPKI/Server/Workflow/Validator/ApprovalSignature.pm:159);
raop(RA Operato
r)@f644] Exception:
I18N_OPENXPKI_SERVER_WORKFLOW_VALIDATOR_APPROVALSIGNATURE_SIGNATURE_INVALID
2011/03/30 13:48:54 openxpki.system.WARN
[OpenXPKI::Server::Workflow::Validator::ApprovalSignature
(/usr/lib/perl5/OpenXPKI/Server/Workflow/Validator/ApprovalSignature.pm:159);
raop(RA Operato
r)@f644] Exception:
I18N_OPENXPKI_SERVER_WORKFLOW_VALIDATOR_APPROVALSIGNATURE_SIGNATURE_INVALID
2011/03/30 13:48:54 Workflow.ERROR Caught exception from action:
I18N_OPENXPKI_SERVER_WORKFLOW_VALIDATOR_APPROVALSIGNATURE_SIGNATURE_INVALID;
reset workflow to old state 'PENDING'
2011/03/30 13:48:54 Workflow.ERROR Caught exception from action:
I18N_OPENXPKI_SERVER_WORKFLOW_VALIDATOR_APPROVALSIGNATURE_SIGNATURE_INVALID;
reset workflow to old state 'PENDING'
--------------------------------------------
I will try to investigate a little bit more by activating debug logging...
Regards,
Marc
------------------------------------------------------------------------------
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself;
WebMatrix provides all the features you need to develop and
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
