Hi Sandy,

> I am very new at using OpenXPKI.

Welcome to the crowd!

> I just installed OpenXPKI on my Debian VM and ran the configuration 
> through the sampleconfig script (for learning purposes, and I hope that I can 
> use it in the future for projects).

Sounds good. But do not use sampleconfig for anything that is meant to work in 
some sort of production environment.

> But I tried requesting a certificate through an API call, and I cannot define 
> the profile that I want to use. Because whenever I set the profile to 
> anything known like tls_server, tls_client, user_auth_enc it always gives an 
> error message: "Invalid Profile". 

The profile specified via the API needs to be explicitly whitelisted, otherwise 
the system will reject the client choice.

profile_map:
  pc-client: tls_client 
  tls-server: tls_server
  tls-client: tls_client

The keys of this map list the logical profile names accepted from the client; 
the corresponding values are the resulting internal profile names.

> The process will succeed if I don't define the profile but the used profile 
> for making the certificate become "tls_server" by default. 

This is the default profile defined in profile.cert_profile.

> And I find that I cannot find the download PKCS12 button (on certificate 
> details) when the certificate is generated, unlike if I generate the 
> certificate through Web UI the Download Private key as PKCS12 button is 
> shown. Because I need the PKCS12 file for certifying a PDF.
> 
> The body that I sent to the API URL is the PKCS10 and also the profile 
> (string). But like I have said before, when I put the profile in the body it 
> just gives me Invalid profile response.
> 
> How do I request a certificate correctly through an API call? I want the 
> generated certificate to also have an option for downloading the private key 
> as PKCS12 too just like if I request the certificate through the Web UI.

When using the enrollment interfaces the client generates its private key, 
creates a PKCS#10 request from it and sends the request to the PKI for 
certification. The PKCS#10 request does not include the private key, so it is 
only public information.
PKCS#12 contains both the certificate and the private key - which the PKI does 
not have.


Cheers

Martin



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
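
Added example (not part of the original mail and not OpenXPKI code): the enrollment flow described in the last paragraph of the reply, done with the openssl CLI, showing that the CSR carries no private key and that the PKCS#12 is assembled on the client. The throwaway local CA is an assumption standing in for the certificate the PKI would return; file names, subject and password are constructed.

```shell
#!/usr/bin/env bash
set -eu

# Client side: generate the private key locally, then a PKCS#10 request from it.
make_request() {            # $1 = work dir, $2 = subject CN
  openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$1/client.key" 2>/dev/null
  chmod 600 "$1/client.key"  # the key never leaves this host
  openssl req -new -key "$1/client.key" -subj "/CN=$2" -out "$1/client.csr"
}

# The request that goes to the PKI must contain public information only.
csr_has_private_key() { grep -q 'PRIVATE KEY' "$1"; }

# Stand-in for the PKI (assumption): a throwaway CA signs the request.
# With a real PKI, client.crt is the certificate returned by enrollment.
standin_ca_sign() {         # $1 = work dir
  openssl req -x509 -newkey rsa:2048 -nodes -keyout "$1/ca.key" \
    -subj "/CN=Constructed Test CA" -days 1 -out "$1/ca.crt" 2>/dev/null
  openssl x509 -req -in "$1/client.csr" -CA "$1/ca.crt" -CAkey "$1/ca.key" \
    -CAcreateserial -days 1 -out "$1/client.crt" 2>/dev/null
}

# Compare the public key derived from the private key with the one in the cert.
key_matches_cert() {        # $1 = key file, $2 = certificate file
  [ "$(openssl pkey -in "$1" -pubout | openssl sha256)" = \
    "$(openssl x509 -in "$2" -noout -pubkey | openssl sha256)" ]
}

# Client side again: combine the local key and the issued certificate.
build_p12() {               # $1 = work dir, $2 = export password
  key_matches_cert "$1/client.key" "$1/client.crt" || return 1
  P12_PASS="$2" openssl pkcs12 -export -inkey "$1/client.key" \
    -in "$1/client.crt" -certfile "$1/ca.crt" -name "client" \
    -passout env:P12_PASS -out "$1/client.p12"
}

# Demo run with constructed values.
work=$(mktemp -d)
make_request "$work" "client.example.test"
csr_has_private_key "$work/client.csr" && echo "unexpected: key in CSR"
standin_ca_sign "$work"
build_p12 "$work" "constructed-pass"
echo "PKCS#12 written to $work/client.p12"
```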