Hi Oliver,
Thank you very much I just had to modify 77 instead of 64 in
transaction_id.yaml :
#match: \A(\w+:)?[0-9a-zA-Z]{32,64}(:\d+)?\z
match: \A(\w+:)?[0-9a-zA-Z]{32,77}(:\d+)?\z
Openxpki is beautiful :-)
Eric
Feb 8, 2022, 19:13 by [email protected]:
> Hi Eric,
>
> those logs do not match your first post...in this case the reason is the
> regex for the transaction_id which does not match the regex found in
> config.d/realm.tpl/workflow/global/field/transaction_id.yaml. Remove or
> fix the regex and it should hopefully do.
>
> Oliver
>
> Am 08.02.22 um 18:10 schrieb cwam--- via OpenXPKI-users:
>
>> Hi Oliver.
>>
>> According to the webUI and workflow.log, no workflow is started.
>> I am requesting only one certificate (only one try in the following
>> logs).
>> This is my openxpki.log after a fresh docker start and a getcert at
>> 16:33.
>>
>> 2022/02/08 16:28:48 INFO Loaded auth handler LocalPassword [pid=1|]
>> 2022/02/08 16:28:48 INFO Loaded auth handler Anonymous [pid=1|]
>> 2022/02/08 16:28:48 INFO Loaded auth handler System [pid=1|]
>> 2022/02/08 16:28:48 INFO Loaded auth handler Certificate [pid=1|]
>> 2022/02/08 16:28:48 INFO Loaded auth handler Password Connector
>> [pid=1|]
>> 2022/02/08 16:28:48 INFO Loaded auth handler TestAccounts [pid=1|]
>> 2022/02/08 16:33:08 ERROR Error executing SCEP command
>> 'PKIOperation':
>> I18N_OPENXPKI_UI_VALIDATOR_FIELD_TYPE_INVALID[pid=19|sid=FuTq|wftype=certificate_enroll|wfid=5887|sceptid=39746307736602139464711739816579892826419596063044338920628525300358398474976]
>>
>> catchall.log - I see a "try to start new workflow"
>>
>> 2022/02/08 16:33:08 openxpki.application.INFO LibSCEP PKIOperation;
>> message type: PKCSReq [pid=19|sid=FuTq]
>> 2022/02/08 16:33:08 openxpki.application.INFO SCEP incoming request,
>> id39746307736602139464711739816579892826419596063044338920628525300358398474976[pid=19|sid=FuTq|sceptid=39746307736602139464711739816579892826419596063044338920628525300358398474976]
>> 2022/02/08 16:33:08 openxpki.application.INFO SCEP try to start new
>> workflow
>> for39746307736602139464711739816579892826419596063044338920628525300358398474976[pid=19|sid=FuTq|sceptid=39746307736602139464711739816579892826419596063044338920628525300358398474976]
>> 2022/02/08 16:33:08 openxpki.system.ERROR Error executing SCEP
>> command 'PKIOperation':
>> I18N_OPENXPKI_UI_VALIDATOR_FIELD_TYPE_INVALID[pid=19|sid=FuTq|wftype=certificate_enroll|wfid=5887|sceptid=39746307736602139464711739816579892826419596063044338920628525300358398474976]
>>
>> scep.log
>>
>> 2022/02/08 16:31:55 INF SCEP handler initialized [pid=69]
>> 2022/02/08 16:31:55 INF Incoming request from 192.168.56.127 with
>> GetCACaps [pid=69]
>> 2022/02/08 16:31:56 INF Incoming request from 192.168.56.127 with
>> GetCACert [pid=69]
>> 2022/02/08 16:33:07 INF Incoming request from 192.168.56.127 with
>> GetCACaps [pid=69]
>> 2022/02/08 16:33:07 INF Incoming request from 192.168.56.127 with
>> PKIOperation [pid=69]
>> 2022/02/08 16:33:08 ERR SCEP response is empty [pid=69]
>>
>>
>> When I am using sscep, all is OK.
>> Thanks for your help Oliver.
>>
>> Regards,
>> Eric
>>
>> --
>> Sent with Tutanota, the secure & ad-free mailbox.
>>
>>
>>
>> Feb 7, 2022, 20:22 by >> [email protected]>> :
>>
>>> Hi Eric,
>>>
>>> you get this kind of error when you either send two requests in a
>>> very
>>> short time (database transaction isolation) or when your workflow
>>> crashes during startup. Can you please check if a workflow was
>>> created
>>> and/or for any other error messages before this log line in
>>> openxpki.log
>>>
>>> Oliver
>>>
>>> Am 07.02.22 um 16:29 schrieb cwam--- via OpenXPKI-users:
>>>
>>>> Hi,
>>>>
>>>> I meet difficulties using "getcert request" (from certmonger).
>>>>
>>>> # CLIENT SIDE
>>>>
>>>> Here is how I am trying to get a certificate from OpenXPKI SCEP
>>>> server
>>>> from a client :
>>>>
>>>> $ getcert request -I obtenirUnCertificat -c openxpki -d
>>>> /etc/pki/nssdb
>>>> -n scep-client-test -N cn="app.domain.lan"
>>>>
>>>> $ getcert list
>>>> Number of certificates and requests being tracked: 1.
>>>> Request ID 'obtenirUnCertificat':
>>>> status: CA_UNREACHABLE
>>>> ca-error: Server reply was of unexpected MIME type "text/plain".
>>>> stuck: no
>>>> key pair storage:
>>>> type=NSSDB,location='/etc/pki/nssdb',nickname='scep-client-test',token='NSS
>>>> Certificate DB'
>>>> certificate:
>>>> type=NSSDB,location='/etc/pki/nssdb',nickname='scep-client-test'
>>>> signing request thumbprint (MD5): 44947907 8D31F82C A722E441
>>>> 891312E5
>>>> signing request thumbprint (SHA1): B329431B 72243BB2 8EC57B10
>>>> B632DDF6
>>>> FFD80142
>>>> CA: openxpki
>>>> issuer:
>>>> subject:
>>>> expires: unknown
>>>> pre-save command:
>>>> post-save command:
>>>> track: yes
>>>> auto-renew: yes
>>>>
>>>> As you can read the error is : "Server reply was of unexpected
>>>> MIME
>>>> type "text/plain"."
>>>>
>>>> # OPENXPKI SIDE
>>>> On the Openxpki side, openxpki.log is showing :
>>>>
>>>> 2022/02/07 14:46:14 ERROR
>>>> I18N_OPENXPKI_SERVICE_LIBSCEP_COMMAND_PKIOPERATION_PARALLEL_REQUESTS_DETECTED;
>>>> __DPSTATE__ => creating, __SERVER__ => generic,
>>>> __TRANSACTION_ID__ =>
>>>> 98045844304779527357588258779756540595169315217199782481781298876007486699834
>>>> [pid=181|sid=Hogn|sceptid=98045844304779527357588258779756540595169315217199782481781298876007486699834]
>>>>
>>>> 2022/02/07 14:46:14 ERROR Error executing SCEP command
>>>> 'PKIOperation':
>>>> I18N_OPENXPKI_SERVICE_LIBSCEP_COMMAND_PKIOPERATION_PARALLEL_REQUESTS_DETECTED;
>>>> __DPSTATE__ => creating, __SERVER__ => generic,
>>>> __TRANSACTION_ID__ =>
>>>> 98045844304779527357588258779756540595169315217199782481781298876007486699834
>>>> [pid=181|sid=Hogn|sceptid=98045844304779527357588258779756540595169315217199782481781298876007486699834]
>>>>
>>>> And scep.log
>>>>
>>>> 2022/02/07 14:46:13 INF Incoming request from 192.168.56.126
>>>> with
>>>> GetCACaps [pid=79]
>>>> 2022/02/07 14:46:14 INF Incoming request from 192.168.56.126
>>>> with
>>>> PKIOperation [pid=79]
>>>> 2022/02/07 14:46:14 ERR SCEP response is empty [pid=79]
>>>>
>>>>
>>>> Does anyone manage to use certmonger for scep requests to
>>>> openxpki
>>>> please ?
>>>>
>>>> Thank you.
>>>> Best regards.
>>>> Eric.
>>>>
>>>>
>>>> _______________________________________________
>>>> OpenXPKI-users mailing list
>>>> [email protected]
>>>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>>>
>>>
>>>
>>> --
>>> Protect your environment - close windows and adopt a penguin!
>>>
>>>
>>>
>>> _______________________________________________
>>> OpenXPKI-users mailing list
>>> [email protected]
>>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>>
>>
>>
>>
>> _______________________________________________OpenXPKI-users mailing list>>
>> [email protected]>>
>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>
>
>
>
> -- Protect your environment - close windows and adopt a penguin!
>
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
