Hi all, Oliver wrote: > you will not be able to get the private key for a certificate using the cert > search as the key is not a property of the certificate. > If a key was generated on the PKI during the CSR workflow, you must use the > workflow for key export to extract it from the > database which will - with the default workflows - also require the password > used during creation.
I thing, you got me wrong: I don’t want to retrieve the private key, instead, I want to be able to retrieve a certificate’s public key. With the default settings of the docker image, the Endpoint http://localhost:8080/rpc/enroll/SearchCertificate<http://localhost:8080/rpc/enroll/SearchCertificatel> delivers only some of the keys metadata, not the public key itself. > I don't know what you are trying to achieve but it does not look like the > right approach for me - if you need keys on an > automated interface, it would be the better approach to have a RPC workflow > to create key and certificate as once > or even better hand over the key into the system. I just want to be able to search for a certificate (e.g. by common name) and retrieve it’s public key. This shall be done through REST calls. > If you prefer REST, it is easily possible by configuring the RPC interface > the right way. Would be nice, if you could give me a hint, how to achieve that. Kind regards Andreas Von: Oliver Welter <[email protected]> Antworten an: "[email protected]" <[email protected]> Datum: Montag, 20. September 2021 um 07:58 An: "[email protected]" <[email protected]> Betreff: Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate Hi Andreas, you will not be able to get the private key for a certificate using the cert search as the key is not a property of the certificate. If a key was generated on the PKI during the CSR workflow, you must use the workflow for key export to extract it from the database which will - with the default workflows - also require the password used during creation. I don't know what you are trying to achieve but it does not look like the right approach for me - if you need keys on an automated interface, it would be the better approach to have a RPC workflow to create key and certificate as once or even better hand over the key into the system. If you prefer REST, it is easily possible by configuring the RPC interface the right way. Oliver Am 16.09.21 um 21:09 schrieb [email protected]<mailto:[email protected]>: Hi all, I’m struggling to retrieve certificates (including the certificate’s key) from openXPKI via RPC-call (REST-call would be even better). Somehow, I managed to get the openxpki-docker containers from docker Hub up and running - so I am able to create certificates via WebUI. Also RPC-calls to the SearchCertificate method work fine: curl -s -F "method=SearchCertificate" -F "common_name=Rob Roberts" http://localhost:8080/rpc/enroll | python -m json.tool { "result": { "data": { "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg", "notafter": "2022-03-16T16:54:56", "notbefore": "2021-09-16T16:54:56", "status": "ISSUED" }, "id": 0, "pid": 71, "proc_state": "finished", "state": "SUCCESS" } } Looks perfekt, but the key is missing! Seems, that I have to change enroll.yaml AND the certificate_search workflow, to add the certificate’s key as an additional output field: https://sourceforge.net/p/openxpki/mailman/openxpki-users/thread/26520814-81cf-2d0e-a8dd-431b6e4149ea%40oliwel.de/#msg36766216 But I don’t know, how to do that. Could some of the experts give me advice? As I am not a C# / Perl / OpenXPKI expert, I hope, you can help me with “easy to understand/digest” answers. (of cause: “ready to use” code-snippets/files would be perfect, but I do not dare to ask for that). Kind regards Andreas _______________________________________________ OpenXPKI-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
