Hi Martin and Alexander,
thank you both for your reply, I didn't expect it that fast. :)
Unfortunately, I already have defined the following in
workflow_validator_certificate_signing_request.xml:
---------------------------------------------
<validator name="ValidApprovalSignatureCSR"
class="OpenXPKI::Server::Workflow::Validator::ApprovalSignature">
<!-- if you set the following parameter to 1, you can enforce
signatures on all CSR approvals -->
<param name="signature_required" value="0"/>
<param name="pkcs7tool" value="testsceppkcs7tool1"/>
<!-- if you set signature_required to 1, you have to defined
identifiers for your trust anchors:
-->
<param name="trust_anchors"
value="I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA"/>
<!-- Alternatively, you can also specify realms, which will then be
replaced by all CA identifiers defined in that realm
-->
</validator>
---------------------------------------------
and in workflow_validator_certificate_revocation_request.xml:
---------------------------------------------
<validator name="ValidApprovalSignatureCRR"
class="OpenXPKI::Server::Workflow::Validator::ApprovalSignature">
<!-- if you set the following parameter to 1, you can enforce
signatures on all CSR approvals -->
<param name="signature_required" value="0"/>
<param name="pkcs7tool" value="testsceppkcs7tool1"/>
<!-- if you set signature_required to 1, you have to defined
identifiers for your trust anchors:
-->
<param name="trust_anchors"
value="I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA"/>
<!--Feature request: allow Realms instead of identifiers, too
Code should replace the realm by all configured identifiers in
that realm.
-->
</validator>
---------------------------------------------
I have restarted the server and retried CSRs and CRRs, but all of them
fail with the same error. :/
What can I try next? Which Module(s) should I debug to see if it is able
to read in the certificate chain and/or trust anchor?
Marc
On 31.03.2011 10:07, Alexander Klink wrote:
> Hi,
>
> Excerpts from Martin Bartosch's message of Thu Mar 31 09:54:53 +0200 2011:
>> I need to correct myself. Don't touch the activity configuration, it's
>> correct. Instead edit the file
>> workflow_validator_certificate_signing_request.xml and add the missing
>> trust anchor there. It also already contains some sample settings you
>> just need to modify.
>
> Also, make sure to create a new workflow for testing once you've done
> this as the old one will still use the old configuration (which is a
> pretty nice feature but in testing/debugging situations it has bit me
> more than once).
>
> Cheers,
> Alex
>
> ------------------------------------------------------------------------------
> Create and publish websites with WebMatrix
> Use the most popular FREE web apps or write code yourself;
> WebMatrix provides all the features you need to develop and
> publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
------------------------------------------------------------------------------
Create and publish websites with WebMatrix
Use the most popular FREE web apps or write code yourself;
WebMatrix provides all the features you need to develop and
publish your website. http://p.sf.net/sfu/ms-webmatrix-sf
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
