Hi Andreas,

you must use a new CSR - the RPC wrapper uses the PKCS10 container from
the input to search for existing workflows for this container to allow
asynchronous operations without the need to deal with explicit
transaction ids. Therefore you are redirected to the old workflow (see
the content of the id field) which has already failed.

Oliver

On 25.09.21 at 17:49, [email protected] wrote:
>
> Hi all,
>
>  
>
> I changed the RPC call according to Oliver's hints, but it still
> doesn’t work:
>
>  
>
> ---------------------------------------------
>
> curl -s -F method=RequestCertificate -F comment=test \
>      -F pkcs10="$(cat certreq.pem)" -F "profile=tls-server" \
>      http://localhost:8080/rpc/enroll | python -m json.tool
>
> {
>     "result": {
>         "data": {
>             "error_code": "Invalid Profile",
>             "transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
>         },
>         "id": 2815,
>         "pid": 94,
>         "proc_state": "finished",
>         "state": "FAILURE"
>     }
> }
>
> ---------------------------------------------
>
>  
>
> Any further ideas/hints?
>
>  
>
> Kind regards
>
>  
>
> Andreas
>
>  
>
> *From: *Oliver Welter <[email protected]>
> *Reply-To: *"[email protected]" <[email protected]>
> *Date: *Friday, 24 September 2021 at 18:56
> *To: *"[email protected]" <[email protected]>
> *Subject: *Re: [OpenXPKI-users] How do I retrieve a Certificates key
> via RPC-call to http://localhost:8080/rpc/enroll/SearchCertificate
>
>  
>
> Hi Andreas,
>
>  
>
> looks like there is a bug in the docs, the value set for "profile" is
> mapped to the internal profile names in the file "rpc/enroll.yaml" in
> the key "profile_map" and there the profile is written with a dash.
>
>  
>
> Regarding REST: Have a look at the EST protocol, this will give you a
> very clean interface that requests a plain PKCS10 container as payload
> and returns a "raw" PKCS7 structure with the certificate without any
> encoding around.
>
>  
>
> Oliver
>
>  
>
> On 24.09.21 at 16:26, [email protected] wrote:
>
>     Hi all,
>
>      
>
>     @Oliver: thanks for this hint, but writing such a “RPC <-> REST”
>     converter is kind of “overkill” for my purposes.
>
>     Meanwhile I found out that sending REST requests with the right
>     header works fine for me:
>
>      
>
>     curl -s -X POST http://localhost:8080/rpc/enroll/SearchCertificate \
>          -H 'Content-Type: application/json' \
>          -d '{"common_name":"Rob Roberts"}' | python -m json.tool
>
>      
>
>     One problem solved, another problem arises:
>     I try to “automatically” process a CSR, which I want to send via
>     RPC/REST to the openXPKI Server.
>
>      
>
>     Tried this (and several other things), but failed:
>
>      
>
>     ------
>
>     # Generate a PKCS#10 CSR file “certreq.pem”
>
>     openssl req -subj "/C=GB/ST=London/L=London/O=Global Security/OU=IT Department/CN=example.com" \
>         -nodes -newkey rsa:2048 -sha256 -outform PEM -out certreq.pem
>
>      
>
>     # Try to upload the CSR file – without success
>
>     curl -s -F "method=RequestCertificate" -F "profile=tls_server" \
>          -F "comment=test" -F pkcs10="$(cat certreq.pem)" \
>          http://localhost:8080/rpc/enroll | python -m json.tool
>
>     {
>         "result": {
>             "data": {
>                 "error_code": "Invalid Profile",
>                 "transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
>             },
>             "id": 2815,
>             "pid": 94,
>             "proc_state": "finished",
>             "state": "FAILURE"
>         }
>     }
>
>      
>
>     ------
>
>      
>
>     Any idea, what to do?
>
>      
>
>     Kind regards
>
>      
>
>     Andreas
>
>      
>
>     PS: To be honest: I am struggling hard with openXPKI
>     server’s documentation – the software itself seems to be quite
>     promising, but documentation is hard to understand and quite
>     limited (at least from my point of view).
>
>                    
>
>      
>
>      
>
>     *From: *Oliver Welter <[email protected]>
>     *Reply-To: *"[email protected]" <[email protected]>
>     *Date: *Friday, 24 September 2021 at 15:17
>     *To: *"[email protected]" <[email protected]>
>     *Subject: *Re: [OpenXPKI-users] How do I retrieve a Certificates
>     key via RPC-call to
>     http://localhost:8080/rpc/enroll/SearchCertificate
>
>      
>
>     Hi Andreas,
>
>      
>
>     to have "real" REST API you need to write a wrapper yourself that
>     translates a REST path to a call to the RPC system and rewrites
>     the result to the expected return structure. There is no
>     ready-to-go component in OpenXPKI CE for this as such an interface
>     is always very customer specific.
>
>      
>
>     Oliver
>
>      
>
>     On 23.09.21 at 18:23, [email protected] wrote:
>
>         Hi Oliver,
>
>          
>
>         thanks a lot!
>
>         Your reference to
>
>          
>
>         "_map_certificate: [% Certificate.pem(...) %]“
>
>          
>
>         … was close and guided me to the right direction, but – big
>         surprise – it didn’t work.
>         Finally I found out that the following line works:
>
>          
>
>         _map_pem: "[% USE Certificate %][% Certificate.pem(context.cert_identifier) %]"
>
>          
>
>         Of course, I had to adjust the file enroll.yaml appropriately too:
>
>          
>
>         [SearchCertificate]
>
>         workflow = certificate_search
>
>         param = common_name
>
>         output = cert_identifier, pem, notbefore, notafter, status
>
>          
>
>         The result was pretty much what I had been searching for:
>
>          
>
>         curl -s -F "method=SearchCertificate" -F "common_name=Rob Roberts" \
>              http://localhost:8080/rpc/enroll | python -m json.tool
>
>         {
>             "result": {
>                 "data": {
>                     "cert_identifier": "jLy7gIbwwvnvOCMRpTPgdw6uVpg",
>                     "notafter": "2022-03-16T16:54:56",
>                     "notbefore": "2021-09-16T16:54:56",
>                     "pem": "-----BEGIN CERTIFICATE-----\nm …….. v9MRebfA=\n-----END CERTIFICATE-----",
>                     "status": "ISSUED"
>                 },
>                 "id": 0,
>                 "pid": 70,
>                 "proc_state": "finished",
>                 "state": "SUCCESS"
>             }
>         }
>
>          
>
>         So far, so good (and once again: thank you for your help!)
>
>          
>
>         What remains open is my question how to switch from RPC to REST.
>
>         Could you give me a hint how to achieve that?
>
>          
>
>         Kind regards
>
>          
>
>         Andreas
>
>          
>
>          
>
>          
>
>
>
>
>
>         _______________________________________________
>         OpenXPKI-users mailing list
>         [email protected]
>         https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
>      
>
>     -- 
>
>     Protect your environment -  close windows and adopt a penguin! 
>
>
>
>
>
>  
>
> -- 
> Protect your environment -  close windows and adopt a penguin! 
>
>


-- 
Protect your environment -  close windows and adopt a penguin! 
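
Oliver's point at the top of this thread (the RPC wrapper finds an existing workflow by the submitted PKCS10 container, so resending the same CSR returns the old failed workflow), as an added example that is not part of the original thread. It creates a new key and CSR for every attempt and flags a reply whose workflow id was already seen; the helper names, the temporary directory and the sed-based field extraction are assumptions of this sketch, while the endpoint, form fields and sample reply are the ones quoted in the thread.

```bash
#!/bin/sh
# Added example, not from the thread; helper names are hypothetical.
RPC_URL="${RPC_URL:-http://localhost:8080/rpc/enroll}"  # endpoint from the thread

# Pull one top-level field ("id", "state") out of the RPC JSON reply.
json_field() {  # json_field <name> <json>
    printf '%s' "$2" | tr -d '\n' |
        sed -n "s/.*\"$1\"[[:space:]]*:[[:space:]]*\"\{0,1\}\([^\",}[:space:]]*\).*/\1/p"
}

# Report whether a reply is a new workflow or a pickup of one already seen.
classify_reply() {  # classify_reply <json> "<seen workflow ids>"
    id=$(json_field id "$1"); state=$(json_field state "$1")
    [ -n "$id" ] || { echo "unparsed"; return 1; }
    case " $2 " in
        *" $id "*) echo "stale:$id:$state" ;;
        *)         echo "fresh:$id:$state" ;;
    esac
}

# Generate a new key and CSR for every attempt, submit it, classify the reply.
enroll_fresh() {  # enroll_fresh <subject> <profile> "<seen workflow ids>"
    dir=$(mktemp -d) || return 1
    openssl req -new -newkey rsa:2048 -nodes -sha256 -subj "$1" \
        -keyout "$dir/key.pem" -out "$dir/certreq.pem" 2>/dev/null || return 1
    # "name=<file" makes curl send the file content as a plain text field.
    reply=$(curl -s -F method=RequestCertificate -F comment=test \
        -F "profile=$2" -F "pkcs10=<$dir/certreq.pem" "$RPC_URL") || return 1
    echo "key and CSR kept in $dir" >&2
    classify_reply "$reply" "$3"
}

# Reply quoted in the thread: the second attempt returned workflow 2815 again.
SAMPLE_REPLY='{
    "result": {
        "data": {
            "error_code": "Invalid Profile",
            "transaction_id": "a8cf0ec19b79c3ed0d434c66b3d54880c67f47be"
        },
        "id": 2815,
        "pid": 94,
        "proc_state": "finished",
        "state": "FAILURE"
    }
}'

# Usage against a live server (not run here):
#   enroll_fresh "/C=GB/O=Global Security/CN=example.com" tls-server "2815"
```

A result starting with `stale:` means the server answered from a workflow id seen in an earlier attempt, which is the situation described for id 2815.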
