Hi Oliver, you are probably right. I restarted the host and everything worked as expected.
Regards, Jeff On Mon, 27 Apr 2020 at 07:35, Oliver Welter <[email protected]> wrote: > Hi Jeff, > > sounds like your enrollment workflow takes to long to finish and blocks > the client. E.g. broken backend lookups, poor database performance... > > Oliver > > Am 22.04.20 um 15:05 schrieb Jefferson Dümes: > > Hi people, > > > > every first attempt to ask OpenXPKI to sign a cert via EST I get a > > "Internal Server Error" and est.log shows this: > > > > 2020/04/22 11:01:52 DEBUG:82 Incoming request > /.well-known/est/simpleenroll > > 2020/04/22 11:01:52 DEBUG:82 calling context is https > > 2020/04/22 11:01:52 INFO:82 EST authenticated client DN: > > CN=mar:pkiclient,O=MyOrg > > 2020/04/22 11:01:52 DEBUG:82 Initialize client > > 2020/04/22 11:01:53 DEBUG:82 Started volatile session with id: > > IHuKcV75QJOOFxviXrVFfA== > > 2020/04/22 11:01:53 DEBUG:82 Selecting auth stack _System > > 2020/04/22 11:02:24 INFO:82 Started new workflow > > 2020/04/22 11:02:24 ERROR:82 I18N_OPENXPKI_CLIENT_COLLECT_TIMEOUT > > 2020/04/22 11:02:24 INFO:82 Disconnect client > > > > Notice: a lag of about 30 secs between "Selecting auth stack _System" > > and "Started new workflow" > > > > Then I send the same request and I get the cert as expected with this in > > est.log > > > > 2020/04/22 11:06:45 DEBUG:83 Config for service est loaded > > 2020/04/22 11:06:45 INFO:83 EST handler initialized > > 2020/04/22 11:06:45 DEBUG:83 Incoming request > /.well-known/est/simpleenroll > > 2020/04/22 11:06:45 DEBUG:83 calling context is https > > 2020/04/22 11:06:45 INFO:83 EST authenticated client DN: > > CN=mar:pkiclient,O=MyOrg > > 2020/04/22 11:06:45 DEBUG:83 Initialize client > > 2020/04/22 11:06:45 DEBUG:83 Started volatile session with id: > > irR/wxjJRZ2DJRVHolXs6g== > > 2020/04/22 11:06:45 DEBUG:83 Selecting auth stack _System > > 2020/04/22 11:06:45 INFO:83 Found workflow - reload 20735 > > 2020/04/22 11:06:45 DEBUG:83 request for workflow info on 20735 > > 2020/04/22 11:06:45 DEBUG:83 Sending cert TNQt2_XXwwn7pXHrykj9Gb09_Ys > > 2020/04/22 11:06:45 INFO:83 Disconnect client > > > > This is my default.yaml in config.d/realm/myorg/est > > > > label: Enrollment > > > > authorized_signer: > > rule1: > > # Full DN > > subject: CN=.+:scepclient,.* > > rule2: > > # Full DN > > subject: CN=.+:pkiclient,.* > > > > renewal_period: 000060 > > > > # You must set at least one of both options or remove the > is_policy_loaded > > # condition in the workflow definition > > policy: > > allow_man_authen: 0 > > allow_man_approv: 0 > > max_active_certs: 0 > > auto_revoke_existing_certs: 1 > > approval_points: 1 > > export_certificate: chain > > > > profile: > > cert_profile: tls_server > > cert_subject_style: enroll > > > > > > eligible: > > initial: > > value: 1 > > > > renewal: > > value: 1 > > > > onbehalf: > > value: 1 > > > > Adding "-connect-timeout 60" or "--max-time 60" or both didn't help at > all. > > > > Regards, > > Jeff > > > > > > _______________________________________________ > > OpenXPKI-users mailing list > > [email protected] > > https://lists.sourceforge.net/lists/listinfo/openxpki-users > > > > > -- > Protect your environment - close windows and adopt a penguin! > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
