Hello,
I am using OpenXPKI 3.4.0 and I want to issue both client and server
certificates via SCEP. I found in the docs that the "1.3.6.1.4.1.311.20.2"
extension can be used to select the certificate template, so I tried.
In /etc/openxpki/config.d/realm.tpl/scep/generic.yaml I have the default
configuration, which says:
profile:
cert_profile: tls_server
cert_subject_style: enroll
profile_map:
pc-client: tls_client
Now, when I issue an enrollment request via SCEP with this extension I can see
in the Workflow Context an entry "req_extensions" with
"certificateTemplateName, pc-client", so I guess the parameter was encoded
correctly. I thought that inclusion of "pc-client" will select the "tls_client"
from the profile map, but it seems to not work this way.
Am I doing something wrong, please?
Petr Gotthard
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
