Hi Martin/Oliver, What are the general steps if we want to add custom inputs through RPC to workflow context and later it will be used/referenced in render subject? Thanks in advance. Regards,Mukilan On Monday, 19 December, 2022 at 12:17:10 pm GMT+1, Mukilan P via OpenXPKI-users <openxpki-users@lists.sourceforge.net> wrote: Thanks Martin for your response. Regards,Mukilan On Tuesday, 15 November, 2022 at 04:22:56 pm GMT+1, Mukilan P via OpenXPKI-users <openxpki-users@lists.sourceforge.net> wrote: Hi Oliver,
Thanks for your fast response. Does it mean that we can't ignore signatureverification for CSR? I will explain the use case. We would like to modify theSubjectDN/SAN as part of our own policy while internal clients (devices, computersand etc) are raising certificate requests. The internal clients will send theCSR to a proxy, then proxy will contact on behalf of client to send CSR and receivecertificate. The proxy will do all the policy implementation related to Subjectand SAN. Since the Subject DN/SAN is modified in proxy,we would like to instruct the OpenXPKI to ignore signature validation for CSR.Is there any way/configuration parameter to instruct the OpenXPKI to ignore thesignature validation for CSR. Regards,Mukilan On Tuesday, 15 November, 2022 at 02:31:50 pm GMT+1, Oliver Welter <m...@oliwel.de> wrote: Hi Mukilan, if you look at the workflow history you will very likely see the output of a crashed OpenSSL command. The OpenXPKI default backend uses the openssl binary to sign CSRs and this does not work if the PCKS10 container is not properly formated/signed. We had such a problem at a customer installation some time ago with broken appliances and ended up with a patched version of OpenSSL doing the job. best regards Oliver On 15.11.22 13:59, Mukilan P via OpenXPKI-users wrote: Hi Experts, This is further to the above query. I changed the value verify_signature to 0 in workflow/global/validator/pkcs10_valid.yaml like below, but getting 'PREPARED' status instead of SUCCESS class: OpenXPKI::Server::Workflow::Validator::PKCS10 param: empty_subject: 1 verify_signature: 0 arg: - $pkcs10 On Tuesday, 15 November, 2022 at 12:29:57 pm GMT+1, Mukilan P via OpenXPKI-users <openxpki-users@lists.sourceforge.net> wrote: Hi Experts, Is there any way to disable pkcs10 signature verification as part of enroll/renewal in OpenXPKI? Thanks in advance. Regards, Mukilan _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin! _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users