Hi Andreas, looks like there is a bug in the docs, the value set for "profile" is mapped to the internal profile names in the file "rpc/enroll.yaml" in the key "profile_map" and there the profile is written with a dash.
Regarding REST: Have a look at the EST protocol, this will give you a very clean interface that requests a plain PKCS10 container as payload and returns a "raw" PKCS7 structure with the certificate without any encoding around. Oliver Am 24.09.21 um 16:26 schrieb [email protected]: > > Hi all, > > > > @Oliver: thanks for this hint, but writing such a “RPC <-> REST” > converter is kind of “overkill” for my purposes. > > Meanwhile I found out, that sending REST-Requests with the right > header works fine for me: > > > > curl -s -X POST http://localhost:8080/rpc/enroll/SearchCertificate > <http://localhost:8080/rpc/enroll/SearchCertificate> -H > 'Content-Type: application/json' -d '{"common_name":"Rob Roberts"}' | > python -m json.tool > > > > One problem solved, another problem arises: > I try to “automatically” process a CSR, which I want to send via > RPC/REST to the openXPKI Server. > > > > Tried this (and several other things), but failed: > > > > ------ > > # Generate a PKCS#10 CSR file “certreq.pem” > > openssl req -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT > Department/CN=example.com" -nodes -newkey rsa:2048 -sha256 -outform > PEM -out certreq.pem > > > > # Try to upload the CSR file – without success > > curl -s -F "method=RequestCertificate" -F "profile=tls_server" -F > "comment=test" -F pkcs10="$(cat certreq.pem)" > http://localhost:8080/rpc/enroll | python -m json.tool > > { > > "result": { > > "data": { > > "error_code": "Invalid Profile", > > "transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be" > > }, > > "id": 2815, > > "pid": 94, > > "proc_state": "finished", > > "state": "FAILURE" > > } > > } > > > > ------ > > > > Any idea, what to do? > > > > Kind regards > > > > Andreas > > > > PS: To be honest: I am struggeling hard with openXPKI server’s > documentation – the software itself seems to be quite promising, but > documentation is hard to understand and quite limited (at least from > my point of view). > > > > > > > > *Von: *Oliver Welter <[email protected]> > *Antworten an: *"[email protected]" > <[email protected]> > *Datum: *Freitag, 24. September 2021 um 15:17 > *An: *"[email protected]" > <[email protected]> > *Betreff: *Re: [OpenXPKI-users] How do I retrieve a Certificates key > via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate > > > > Hi Andreas, > > > > to have "real" REST API you need to write a wrapper yourself that > translates a REST path to a call to the RPC system and rewrites the > result to the expected return structure. There is no ready-to-go > component in OpenXPKI CE for this as such an interface is always very > customer specific. > > > > Oliver > > > > Am 23.09.21 um 18:23 schrieb [email protected] > <mailto:[email protected]>: > > Hi Oliver, > > > > thanks a lot! > > Your reference to > > > > "_map_certificate: [% Certificate.pem(...) %]“ > > > > … was close and guided me to the right direction, but – big > surprise – it didn’t work. > Finally I found out that the following line works: > > > > “_map_pem: "[% USE Certificate %][% > Certificate.pem(context.cert_identifier) %]" > > > > Of cause, I had to adjust the file enroll.yaml appropriately too: > > > > [SearchCertificate] > > workflow = certificate_search > > param = common_name > > output = cert_identifier, pem, notbefore, notafter, status > > > > The result was pretty much what I had been searching for: > > > > curl -s -F "method=SearchCertificate" -F "common_name=Rob > Roberts" http://localhost:8080/rpc/enroll > <http://localhost:8080/rpc/enroll> | python -m json.tool > > { > > "result": { > > "data": { > > "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg", > > "notafter": "2022-03-16T16:54:56", > > "notbefore": "2021-09-16T16:54:56", > > "pem": "-----BEGIN CERTIFICATE-----\nm …….. > v9MRebfA=\n-----END CERTIFICATE-----", > > "status": "ISSUED" > > }, > > "id": 0, > > "pid": 70, > > "proc_state": "finished", > > "state": "SUCCESS" > > } > > } > > > > So far, so good (and once again: thank you for your help!) > > > > What remains open, is my question, how to switch from RPC to REST. > > Could you give me a hint, how to achieve that? > > > > Kind regards > > > > Andreas > > > > > > > > > > > _______________________________________________ > > OpenXPKI-users mailing list > > [email protected] > <mailto:[email protected]> > > https://lists.sourceforge.net/lists/listinfo/openxpki-users > <https://lists.sourceforge.net/lists/listinfo/openxpki-users> > > > > -- > Protect your environment - close windows and adopt a penguin! > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
