Hi all,

I changed the RPC call according to Oliver's hints, but it still doesn’t work:

---------------------------------------------
curl -s -F method=RequestCertificate -F comment=test \
  -F pkcs10="$(cat certreq.pem)" -F "profile=tls-server" \
  http://localhost:8080/rpc/enroll | python -m json.tool
{
    "result": {
        "data": {
            "error_code": "Invalid Profile",
            "transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
        },
        "id": 2815,
        "pid": 94,
        "proc_state": "finished",
        "state": "FAILURE"
    }
}
---------------------------------------------

Any further ideas/hints?

Kind regards

Andreas

From: Oliver Welter <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Friday, 24 September 2021 at 18:56
To: "[email protected]" <[email protected]>
Subject: Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

Hi Andreas,

looks like there is a bug in the docs, the value set for "profile" is mapped to 
the internal profile names in the file "rpc/enroll.yaml" in the key 
"profile_map" and there the profile is written with a dash.

Regarding REST: Have a look at the EST protocol, this will give you a very 
clean interface that requests a plain PKCS10 container as payload and returns a 
"raw" PKCS7 structure with the certificate without any encoding around.

Oliver

On 24.09.21 at 16:26, [email protected] wrote:
Hi all,

@Oliver: thanks for this hint, but writing such a “RPC <-> REST” converter is 
kind of “overkill” for my purposes.
Meanwhile I found out that sending REST requests with the right header works 
fine for me:

curl -s -X POST http://localhost:8080/rpc/enroll/SearchCertificate \
  -H 'Content-Type: application/json' -d '{"common_name":"Rob Roberts"}' \
  | python -m json.tool

One problem solved, another problem arises:
I try to “automatically” process a CSR, which I want to send via RPC/REST to 
the openXPKI Server.

Tried this (and several other things), but failed:

------
# Generate a PKCS#10 CSR file "certreq.pem"
openssl req -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com" \
  -nodes -newkey rsa:2048 -sha256 -outform PEM -out certreq.pem

# Try to upload the CSR file – without success
curl -s -F "method=RequestCertificate" -F "profile=tls_server" \
  -F "comment=test" -F pkcs10="$(cat certreq.pem)" \
  http://localhost:8080/rpc/enroll | python -m json.tool
{
    "result": {
        "data": {
            "error_code": "Invalid Profile",
            "transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
        },
        "id": 2815,
        "pid": 94,
        "proc_state": "finished",
        "state": "FAILURE"
    }
}

------

Any idea what to do?

Kind regards

Andreas

PS: To be honest: I am struggling hard with openXPKI server’s 
documentation – the software itself seems to be quite promising, but 
documentation is hard to understand and quite limited (at least from my point 
of view).



From: Oliver Welter <[email protected]>
Reply-To: "[email protected]" <[email protected]>
Date: Friday, 24 September 2021 at 15:17
To: "[email protected]" <[email protected]>
Subject: Re: [OpenXPKI-users] How do I retrieve a Certificates key via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate

Hi Andreas,

to have "real" REST API you need to write a wrapper yourself that translates a 
REST path to a call to the RPC system and rewrites the result to the expected 
return structure. There is no ready-to-go component in OpenXPKI CE for this as 
such an interface is always very customer specific.

Oliver

On 23.09.21 at 18:23, [email protected] wrote:
Hi Oliver,

thanks a lot!
Your reference to

"_map_certificate: [% Certificate.pem(...) %]"

… was close and guided me to the right direction, but – big surprise – it 
didn’t work.
Finally I found out that the following line works:

_map_pem: "[% USE Certificate %][% Certificate.pem(context.cert_identifier) %]"

Of course, I had to adjust the file enroll.yaml appropriately too:

[SearchCertificate]
workflow = certificate_search
param = common_name
output = cert_identifier, pem, notbefore, notafter, status

The result was pretty much what I had been searching for:

curl -s -F "method=SearchCertificate" -F "common_name=Rob Roberts" \
  http://localhost:8080/rpc/enroll | python -m json.tool
{
    "result": {
        "data": {
            "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg",
            "notafter": "2022-03-16T16:54:56",
            "notbefore": "2021-09-16T16:54:56",
            "pem": "-----BEGIN CERTIFICATE-----\nm …….. v9MRebfA=\n-----END CERTIFICATE-----",
            "status": "ISSUED"
        },
        "id": 0,
        "pid": 70,
        "proc_state": "finished",
        "state": "SUCCESS"
    }
}

So far, so good (and once again: thank you for your help!)

What remains open is my question of how to switch from RPC to REST.
Could you give me a hint on how to achieve that?

Kind regards

Andreas









_______________________________________________

OpenXPKI-users mailing list

[email protected]

https://lists.sourceforge.net/lists/listinfo/openxpki-users



--

Protect your environment -  close windows and adopt a penguin!
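
Added example (not part of the original thread and not OpenXPKI code): in the calls above a rejected request still comes back as ordinary JSON, so `curl ... | python -m json.tool` exits cleanly either way, and a script that automates enrollment has to gate on `result.state` itself. The names `RpcFailure`, `rpc_data` and `pem_to_der` are hypothetical, and the SUCCESS response is constructed with placeholder bytes instead of a real certificate.

```python
import base64
import json
import re

class RpcFailure(Exception):
    """Raised when the RPC envelope does not report state == SUCCESS."""
    def __init__(self, state, error_code, transaction_id):
        super().__init__(f"state={state} error_code={error_code} "
                         f"transaction_id={transaction_id}")
        self.state, self.error_code, self.transaction_id = state, error_code, transaction_id

PEM_RE = re.compile(
    r"-----BEGIN CERTIFICATE-----\s+([A-Za-z0-9+/=\s]+?)\s*-----END CERTIFICATE-----")

def rpc_data(body):
    """Return result.data only if the envelope reports SUCCESS, else raise."""
    try:
        result = json.loads(body)["result"]
        data = result.get("data") or {}
    except (ValueError, KeyError, TypeError, AttributeError) as exc:
        raise RpcFailure("MALFORMED", str(exc), None) from exc
    if result.get("state") != "SUCCESS":
        raise RpcFailure(result.get("state"), data.get("error_code"),
                         data.get("transaction_id"))
    return data

def pem_to_der(pem):
    """Check PEM framing and strict base64; return the decoded bytes."""
    match = PEM_RE.fullmatch(pem.strip())
    if not match:
        raise ValueError("not a single PEM certificate block")
    return base64.b64decode("".join(match.group(1).split()), validate=True)

# Response copied from the thread (the failed RequestCertificate call).
FAILURE = '''{"result": {"data": {"error_code": "Invalid Profile",
  "transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"},
  "id": 2815, "pid": 94, "proc_state": "finished", "state": "FAILURE"}}'''

# Constructed SUCCESS response; the PEM body is placeholder bytes, not a certificate.
FAKE_DER = b"constructed placeholder, not a certificate"
SUCCESS = json.dumps({"result": {"state": "SUCCESS", "data": {
    "cert_identifier": "CONSTRUCTED-ID", "status": "ISSUED",
    "pem": "-----BEGIN CERTIFICATE-----\n" + base64.b64encode(FAKE_DER).decode()
           + "\n-----END CERTIFICATE-----"}}})

if __name__ == "__main__":
    print(len(pem_to_der(rpc_data(SUCCESS)["pem"])), "bytes decoded")
    try:
        rpc_data(FAILURE)
    except RpcFailure as err:
        print("enrollment failed:", err)
```

Logging the `transaction_id` carried by the exception gives the value to search for on the server side when a request is rejected.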



