Hi Jeff,
OpenXPKI does not support username/password authentication via the
handlers yet. You can either use anonymous requests with a challange
password in the PKCS10 (as used by SCEP) or use "on behalf" signing.
If you want to have username/password authentication you can set this up
inside apache.
Oliver
Am 20.12.19 um 13:17 schrieb Jefferson Dümes:
Hi people,
I am missing something in my tests when trying the simpleenroll just
like the example in Step 4 from http://testrfc7030.com/.
Initially I left out the "--anyauth -u estuser:estpwd" part cause I
don't know what should I enter in it. Then tryed a valid operator user,
but the logs still show " EST unauthenticated (no cert) ".
The Question is, what I am missing ?
---
curl https://172.31.1.25/.well-known/est/simplereenroll --anyauth -u
raop:openxpki -s -o meuteste.p7 --cacert cacerts.pem
--data-bin│techsupp@j00s-tpki01:mgmt-automation$ sudo systemctl restart
openxpkid
ary @req.p10 -H "Content-Type: application/pkcs10" --dump-header resp.hdr
---
tail -f /var/log/openxpki/est.log
2019/12/20 11:47:28 INFO:28251 EST handler initialized
2019/12/20 11:47:28 DEBUG:28251 Incoming request
/.well-known/est/simplereenroll
2019/12/20 11:47:28 DEBUG:28251 calling context is https
2019/12/20 11:47:28 DEBUG:28251 EST unauthenticated (no cert)
2019/12/20 11:47:28 TRACE:28251
2019/12/20 11:47:28 INFO:28251 Disconnect client
2019/12/20 11:47:28 DEBUG:28251 Initialize client
2019/12/20 11:47:28 DEBUG:28251 Started volatile session with id:
vrrUw48GQpmK7Q9N4qP4mg==
2019/12/20 11:47:28 DEBUG:28251 Selecting realm automation
Regards,
Jeff
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
