Hello,
I have configured the UI part of OpenXPKI to meet my needs and I am now trying
to do the same with the RPC interface (which I access using a python script).
It works, CSR can be signed and certificates are issued but I am facing the
following issues:
1. I need to have only a manual approval from the operator, but no
authorization is required. I configured the policy in rpc/enroll.yaml (see
below) and it works, the status is indeed ‘PENDING’ once I connect using the
operator account. However, the response to my RPC request contains the
following error: {'error_code':
'I18N_OPENXPKI_UI_ENROLLMENT_ERROR_NOT_APPROVED', …. } when I would expect a
PENDING status. Did I configure it correctly?
2. I would expect the workflow to be almost the same when using RPC and the
UI, but some steps are missing with my current setup: when submitting the
same CSR twice using RPC, I don’t get any error, while I get a “Duplicate Key Error
(Certificate)” when submitting the CSR again using the UI. How do I get this
verification on the RPC interface as well?
3. I configured my entity_profile so that the issued certificates are
published to the /var/www/download directory, which works with the UI but not
with RPC. How can I achieve this?
I am using the latest docker image, with the system’s version 3.4.0, and the
config version 3.1.2.
rpc/enroll.yaml:
policy:
    allow_anon_enroll: 1            # No authentication required
    allow_man_authen: 0
    allow_man_approv: 1             # Operator approval
    max_active_certs: 0
    auto_revoke_existing_certs: 1
    approval_points: 2              # Changed to 2 to require operator approval
    export_certificate: chain
profile:
    cert_profile: my_entity_default # My entity profile where the publish option is configured
    cert_subject_style: enroll
Thanks in advance,
- Guillaume