Hi Martin, Thanks you for the link. No problem for the ASN.1 😊
Regards Eddy Internal -----Message d'origine----- De : Martin Bartosch <[email protected]> Envoyé : mardi 25 mai 2021 18:45 À : [email protected] Cc : Eddy BODIN <[email protected]> Objet : Re: [OpenXPKI-users] SCEP enrolment: problem to reach "Initial enrolment" [External email: Use caution with links and attachments] ________________________________ Hi, > Thanks you Oliver, I succeed with SSCEP to sign my client with the PKI#2 > previously signed by PKI#1 (This post helped me > too:https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fopenxpki%2Fmailman%2Fmessage%2F36904820%2F&data=04%7C01%7Ceddy.bodin%40non.se.com%7Cd996de228f814edddd2908d91f9c700b%7C6e51e1adc54b4b39b5980ffe9ae68fef%7C0%7C0%7C637575579613826309%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=yUqk0hx7HK9FvjaJCm8msxjWY3bzwaSwFReWcizH18U%3D&reserved=0) > > But I have still two questions: > • The quick one; in case where I have 2 signers (e.g.: ca-signer-1 and > ca-signer-2) is it possible to set/configure that only ca-signer 1 signs a > certificate request? (SCEP enrollment) – because currently the last signer I > add, the last signer who signs the request. See https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fsourceforge.net%2Fp%2Fopenxpki%2Fmailman%2Fopenxpki-users%2F%3Fviewmonth%3D202105%26viewday%3D18%26style%3Dflat&data=04%7C01%7Ceddy.bodin%40non.se.com%7Cd996de228f814edddd2908d91f9c700b%7C6e51e1adc54b4b39b5980ffe9ae68fef%7C0%7C0%7C637575579613826309%7CUnknown%7CTWFpbGZsb3d8eyJWIjoiMC4wLjAwMDAiLCJQIjoiV2luMzIiLCJBTiI6Ik1haWwiLCJXVCI6Mn0%3D%7C2000&sdata=wUODNGxklLfKL67I1jfFVJ5MWgfeX%2BWjh5r4%2B58XVsg%3D&reserved=0 for a very similar question and answer. > • The second question arrived because I trying to do the on-behalf – > already made with SSCEP – now with Cryptlib. > The PKI#1 (openxpki with workaround in the workflow) signs my client (START > INITIAL is triggered) – this part is OK. Then the PKI#2 trying to sign my > client (I trying to reach START ON-BEHALF) but I failing before that, I get > lot of errors from LibSCEP: > > I don’t know which ASN1 field(s) have a problem, is it possible to know that? Sorry, I currently don't have the time for ASN.1 diving... Cheers Martin _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
