Hi Andreas, at least in my world "key" in conjunction with certificate usually refers to the private key....
If you just want the certificate in the output all you need to do is to add another line "_map_certificate: [% Certificate.pem(...) %] " in the workflows "get_certificate_data" action to write the PEM block to the context key "certificate" and add this key in the output filter as written in the post you already linked. Oliver Am 20.09.21 um 19:28 schrieb [email protected]: > > Hi all, > > > > Oliver wrote: > > > you will not be able to get the private key for a certificate using > the cert search as the key is not a property of the certificate. > > > If a key was generated on the PKI during the CSR workflow, you must use the > workflow for key export to extract it from the > > > database which will - with the default workflows - also require the > > password used during > creation. > > > > I thing, you got me wrong: > > > I don’t want to retrieve the private key, instead, I want to be able > to retrieve a certificate’s public key. > > With the default settings of the docker image, the Endpoint > http://localhost:8080/rpc/enroll/SearchCertificate > <http://localhost:8080/rpc/enroll/SearchCertificatel> delivers only > some of the keys metadata, not the public key itself. > > > > > I don't know what you are trying to achieve but it does not look like the > > right > approach for me - if you need keys on an > > > automated interface, it would be the better approach to have a RPC workflow > > to > create key and certificate as once > > > or even better hand over the key into the system. > > > > I just want to be able to search for a certificate (e.g. by common > name) and retrieve it’s public key. > This shall be done through REST calls. > > > > > If you prefer REST, it is easily possible by configuring the RPC interface > > the right way. > > > > Would be nice, if you could give me a hint, how to achieve that. > > > > Kind regards > > > > Andreas > > > > > > *Von: *Oliver Welter <[email protected]> > *Antworten an: *"[email protected]" > <[email protected]> > *Datum: *Montag, 20. September 2021 um 07:58 > *An: *"[email protected]" > <[email protected]> > *Betreff: *Re: [OpenXPKI-users] How do I retrieve a Certificates key > via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate > > > > Hi Andreas, > > > > you will not be able to get the private key for a certificate using > the cert search as the key is not a property of the certificate. If a > key was generated on the PKI during the CSR workflow, you must use the > workflow for key export to extract it from the database which will - > with the default workflows - also require the password used during > creation. > > > > I don't know what you are trying to achieve but it does not look like > the right approach for me - if you need keys on an automated > interface, it would be the better approach to have a RPC workflow to > create key and certificate as once or even better hand over the key > into the system. > > > > If you prefer REST, it is easily possible by configuring the RPC > interface the right way. > > > > Oliver > > > > Am 16.09.21 um 21:09 schrieb [email protected] > <mailto:[email protected]>: > > Hi all, > > > > I’m struggling to retrieve certificates (including the > certificate’s key) from openXPKI via RPC-call (REST-call would be > even better). > > Somehow, I managed to get the openxpki-docker containers from > docker Hub up and running - so I am able to create certificates > via WebUI. > > > > Also RPC-calls to the SearchCertificate method work fine: > > > > curl -s -F "method=SearchCertificate" -F "common_name=Rob > Roberts" http://localhost:8080/rpc/enroll > <http://localhost:8080/rpc/enroll> | python -m json.tool > > { > > "result": { > > "data": { > > "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg", > > "notafter": "2022-03-16T16:54:56", > > "notbefore": "2021-09-16T16:54:56", > > "status": "ISSUED" > > }, > > "id": 0, > > "pid": 71, > > "proc_state": "finished", > > "state": "SUCCESS" > > } > > } > > > > Looks perfekt, but the key is missing! > > > > Seems, that I have to change enroll.yaml AND the > certificate_search workflow, to add the certificate’s key as an > additional output field: > > https://sourceforge.net/p/openxpki/mailman/openxpki-users/thread/26520814-81cf-2d0e-a8dd-431b6e4149ea%40oliwel.de/#msg36766216 > > <https://sourceforge.net/p/openxpki/mailman/openxpki-users/thread/26520814-81cf-2d0e-a8dd-431b6e4149ea%40oliwel.de/#msg36766216> > > > > But I don’t know, how to do that. > > Could some of the experts give me advice? > > > > As I am not a C# / Perl / OpenXPKI expert, I hope, you can help me > with “easy to understand/digest” answers. > (of cause: “ready to use” code-snippets/files would be perfect, > but I do not dare to ask for that). > > > > Kind regards > > > > Andreas > > > > > > > > > _______________________________________________ > > OpenXPKI-users mailing list > > [email protected] > <mailto:[email protected]> > > https://lists.sourceforge.net/lists/listinfo/openxpki-users > <https://lists.sourceforge.net/lists/listinfo/openxpki-users> > > > > -- > Protect your environment - close windows and adopt a penguin! > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
