Hi Andreas, > 2018/09/05 11:10:04 DEBUG:11171 RPC unauthenticated (no cert)
As I just noticed that we forgot to mention that part in the docs and sample configuration, I assume that your webserver is just not sending the certificate to the script ;) You must add "SSLOptions +StdEnvVars +ExportCertData" to your SSL Host configuration to make the environment and authentication certificate available to the script. best regards Oliver Am 05.09.2018 um 11:26 schrieb [email protected]: > Hello. > > I try to write a Client in C# to do certificate requests over REST. > > Doing the SearchCertificate works just fine but when using the > RequestCertificate (which is described in the /etc/openxpki/rpc/...conf) I > get en error that the request is not authenticated. > > The response from the OpenXPKI WebService is: > {"result":{"data":{"error_code":"I18N_OPENXPKI_UI_ENROLLMENT_ERROR_NOT_AUTHENTICATED"},"state":"FAILURE","pid":11171,"id":"8191"}} > > Rpc.log shows: > 2018/09/05 11:10:04 DEBUG:11171 Autodetect config file for service rpc: > ca-iaxd.conf > 2018/09/05 11:10:04 DEBUG:11171 calling context is https > 2018/09/05 11:10:04 DEBUG:11171 RPC unauthenticated (no cert) > 2018/09/05 11:10:04 DEBUG:11171 Initialize client > 2018/09/05 11:10:04 DEBUG:11171 Started volatile session with id: > 1ujveeuw6BGWImGK1JWZug== > 2018/09/05 11:10:04 DEBUG:11171 Selecting realm ca-iaxd > 2018/09/05 11:10:04 DEBUG:11171 Selecting auth stack _System > 2018/09/05 11:10:05 DEBUG:11171 Workflow created (ID: 8191), State: FAILURE > 2018/09/05 11:10:05 INFO:11171 RPC request was processed properly (Workflow: > 8191, State: FAILURE > 2018/09/05 11:10:05 DEBUG:11171 Keys cert_identifier, error_code > 2018/09/05 11:10:05 INFO:11171 Disconnect client > > What exactly means the '2018/09/05 11:10:04 DEBUG:11171 RPC unauthenticated > (no cert)' line? I have used a certificate which I also use for SCEP. > > I have also followed some the instruction from another users post to create a > client certificate with the subject "myhost:pkiclient" where myhost is the > hostname of my OpenXPKI machine which certificate and key is under /tmp. > > I also got the following lines in the realms rpc.conf: > > authorized_signer: > rule1: > # Full DN > subject: CN=.+:scepclient,.* > rule2: > # Full DN > subject: CN=.+:pkiclient,.* > rule3: > identifier: JhkmsmPpsQrmrXoBRLJl2UIcSFc > > so rule 2 should catch the client certificate I have created for the rpc > request and rule 3 should catch the scep certificate I use in my Rest > request as it matches the identifier. > > What exactly I'm doing wrong? :) > > > Mit freundlichen Grüßen / Best regards > > Andreas Krieger > > operational services GmbH & Co. KG > Junior Systems Engineer, Mirrorserver/2 > T3-Application Services North > > Pascalstrasse 11 > 10587 Berlin | Germany > Telefon +49 375 60619 905 > > [email protected] > www.operational-services.de/ > > Please find the compulsory statements here: > www.operational-services.de/compulsoryStatements > ------------------------------------------------------------------------------ > Check out the vibrant tech community on one of the world's most > engaging tech sites, Slashdot.org! http://sdm.link/slashdot > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > -- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
