Hello everyone, I have found the described error. As Olivier described, I had to make adjustments to the openxpki/tls folder. Additionally I had to remove the -k flag in the curl command, which I have set in the intital request.
Greetings Robert Am Mo., 16. Aug. 2021 um 16:30 Uhr schrieb Robert Krahl < [email protected]>: > Hi Oliver, > > So I need to replace the "dummy.crt" in "/etc/openxpki/tls/chain" with the > "OpenXPKI_Issuing_CA.crt" and enter "c_rehash /etc/openxpki/tls/chain/"? > After doing so and restarting the docker container, I am still having the > same problem as described... > > ---------- > root@...:/var/log/openxpki# tail -f est.log > 2021/08/12 08:46:15 INFO:73 EST handler initialized > 2021/08/12 08:46:16 INFO:73 Disconnect client > 2021/08/12 12:13:51 DEBUG:71 Config for service est loaded > 2021/08/12 12:13:51 INFO:71 EST handler initialized > 2021/08/12 12:13:51 DEBUG:71 Incoming request /.well-known/est/simpleenroll > 2021/08/12 12:13:51 DEBUG:71 Autodetect config file for service est: > default.conf > 2021/08/12 12:13:51 DEBUG:71 calling context is https > 2021/08/12 12:13:51 DEBUG:71 EST unauthenticated (no cert) > 2021/08/12 12:13:51 DEBUG:71 Autodetect config file for service est: > default.conf > 2021/08/12 12:13:51 DEBUG:71 $VAR1 = { > 'workflow' => 'certificate_enroll', > 'pickup_attribute' => 'transaction_id', > 'pickup' => 'pkcs10' > }; > 2021/08/12 12:13:51 DEBUG:71 Pickup via attribute with transaction_id => > e0fff73e7ddf65f94c239e7f1b8c0ecd707fdc38 > 2021/08/12 12:13:51 DEBUG:71 Initialize client > 2021/08/12 12:13:51 DEBUG:71 Started volatile session with id: > LOtvQJ2OTdS0oRYR6pBaiA== > 2021/08/12 12:13:51 DEBUG:71 Selecting auth stack _System > 2021/08/12 12:13:51 DEBUG:71 Pickup 767 for > e0fff73e7ddf65f94c239e7f1b8c0ecd707fdc38 > 2021/08/12 12:13:51 DEBUG:71 request for workflow info on 767 > 2021/08/12 12:13:51 INFO:71 Disconnect client > ---------- > > ---------- > Request was rejected: I18N_OPENXPKI_UI_ENROLLMENT_ERROR_NOT_AUTHENTICATED > ---------- > > I really want to make it work, but I'm still lost in doing so... > > Robert > > Am Do., 12. Aug. 2021 um 16:08 Uhr schrieb Oliver Welter <[email protected]>: > >> Hi Robert, >> >> Am 12.08.21 um 14:26 schrieb Robert Krahl: >> > >> > Acceptable client certificate CA names >> > CN = Placeholder for TLS Client Auth >> >> you must replace this with your issuing ca certificate, it is in the >> openxpki/tls/chain folder, after placing the PEM encoded certifiate >> there you need to create the symlink with the hash-name using the >> "c_rehash" tool. >> >> Oliver >> >> -- >> Protect your environment - close windows and adopt a penguin! >> >> >> _______________________________________________ >> OpenXPKI-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/openxpki-users >> >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
