Hello!
I am trying to set up OpenXPKI with SCEP on our internal infrastructure
for evaluation purposes.
Unfortunately, it does not work, either with sscep, nor certmonger.
The issue seems to come from querying an in progress certificate.
Initially requesting a certificate does succeed with sscep - I have it
in pending enrollment approval (it does not work with certmonger, but
that is because of the transaction_id not matching the hash regex and
probably a client bug, I'll try to solve that in the workflow later and
post the workaround).
Commands to reproduce:
# Gets CA certificates - works
./sscep \
getca \
-u http://openxpki.synedra.lan/scep/generic \
-c tst/ca-cert
# Works initially, fails after querying enrollment progress after two
seconds (-t 2)
./sscep \
enroll \
-u http://openxpki.synedra.lan/scep/generic/ \
-k tst/test.key \
-r tst/test.csr \
-l tst/test.crt \
-c tst/ca-cert-0 \
-t 2 \
-v
# After initially enrolling, you can reproduce the issue with this
command, without enrolling a second certificate:
./sscep \
enroll \
-R \
-u http://openxpki.synedra.lan/scep/generic/ \
-k tst/test.key \
-r tst/test.csr \
-l tst/test.crt \
-c tst/ca-cert-0 \
-t 2 \
-v
I started with a fresh config, just so we had less potential issues with
SCEP - you can find a diff between our and default cfg attached.
Log says:
2023/11/29 09:47:11 ERR I18N_OPENXPKI_UI_VALIDATOR_FIELD_TYPE_INVALID
[pid=2659|ep=generic]
2023/11/29 09:47:11 INF Input validation failed [pid=2659|ep=generic]
2023/11/29 09:47:11 WAR Client error / malformed request badRequest
[pid=2659|ep=generic]
2023/11/29 09:47:11 INF Disconnect client [pid=2659|ep=generic]
...on trace (attached), it reports that there is no pkcs10 payload
attached on the GetCertInitial request.
If I got this right
(https://datatracker.ietf.org/doc/html/rfc8894#CertPoll), then there
should be no PKCS10 here at all.
I believe it's starting the wrong workflow (certificate_enroll, when it
should be check_enrollment). In /usr/lib/cgi-bin/scepv3.fcgi on line
'102 it says '# TODO - improve handling of GetCertInitial and
RenewalReq' - could this be the issue?
Has anyone got SCEP enrollment with manual approval working? Did I do
anything wrong?
Thanks for your help and kind regards!
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..8ee0f4c
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+local/
+tls/
diff --git a/config.d/realm.tpl/auth/handler.yaml
b/config.d/realm.tpl/auth/handler.yaml
index ce6c5a1..9a20222 100644
--- a/config.d/realm.tpl/auth/handler.yaml
+++ b/config.d/realm.tpl/auth/handler.yaml
@@ -21,62 +21,3 @@ Certificate:
LocalPassword:
type: Password
user@: connector:auth.connector.userdb
-
-# Accounts for testing, Password for all accounts is "openxpki"
-# the additional keys can hold arbitrary information but those
-# named here are used to prefill the requestor information in the
-# sample profile items.
-TestAccounts:
- type: Password
- user:
- caop:
- digest: "{ssha}JQ2BAoHQZQgecmNjGF143k4U2st6bE5B"
- role: CA Operator
-
- raop:
- digest: "$1$NgiUHfZ4$G/Zic.SH6cuWaGpqtbVWI1"
- role: RA Operator
- name: Operator
- gname: Óðinn
- realname: Óðinn Operator
- email: [email protected]
- tenant:
- - Alice Group
- - Bob Group
-
- rose:
- digest:
"$5$YXQUdF.xJGuTdPjf$peg58UGjJ52a8rCnv13IWyH/y4b0PNdM12i7bzXqbuD"
- role: RA Operator
- name: Robinson
- gname: Rose
- realname: Rose Robinson
- email: [email protected]
- tenant: Alice Group
-
- rob:
- digest: "{ssha}JQ2BAoHQZQgecmNjGF143k4U2st6bE5B"
- role: RA Operator
- name: Roberts
- gname: Rob
- realname: Rob Roberts
- email: [email protected]
- tenant: Bob Group
-
- alice:
- digest: "{ssha}JQ2BAoHQZQgecmNjGF143k4U2st6bE5B"
- role: User
- name: Anderson
- gname: Alice
- realname: Alice Anderson
- email: [email protected]
- tenant: Alice Group
-
- bob:
- digest: "{ssha}JQ2BAoHQZQgecmNjGF143k4U2st6bE5B"
- role: User
- name: Baker
- gname: Bob
- realname: Bob Baker
- email: [email protected]
- tenant: Bob Group
-
diff --git a/config.d/realm.tpl/auth/stack.yaml
b/config.d/realm.tpl/auth/stack.yaml
index 95b2294..1363ffb 100644
--- a/config.d/realm.tpl/auth/stack.yaml
+++ b/config.d/realm.tpl/auth/stack.yaml
@@ -1,8 +1,3 @@
-# Please remove the Testing entry for all non-demo usages!
-# Please also review and adjust handler.yaml as there are
-# HARDCODED PASSWORDS for testing and other wildcard which are not
-# suitable for production use!
-
# Allows Anonymous Login (also from the WebUI!)
Anonymous:
label: Anonymous
@@ -18,16 +13,6 @@ LocalPassword:
handler: LocalPassword
type: passwd
-# Test Accounts with hardcoded passwords and userinfo in handler.yaml
-Testing:
- label: Test Accounts
- description: |
- Test accounts - valid user names are <tt>alice</tt>, <tt>bob</tt>
(users) and <tt>rose</tt>, <tt>rob</tt> (operators).<br>
- Password for all accounts is <tt>openxpki</tt> on <b>unmodified config
checkouts</b>,<br>
- package installers set a <b>random value</b> that can be found in the
file auth/handler.yaml.
- handler: TestAccounts
- type: passwd
-
# Login with a client certificate, needs to be setup on the webserver
Certificate:
label: Client certificate
@@ -41,4 +26,4 @@ Certificate:
# The default handler for automated interfaces, hidden from the UI
_System:
- handler: System
\ No newline at end of file
+ handler: System
diff --git a/config.d/realm.tpl/crypto.yaml b/config.d/realm.tpl/crypto.yaml
index 1e98673..8922d9a 100644
--- a/config.d/realm.tpl/crypto.yaml
+++ b/config.d/realm.tpl/crypto.yaml
@@ -35,22 +35,16 @@ token:
# Default value for import, recorded in database, can be overriden
secret: default
- # use ALIAS as key as it makes debug and management easier
ca-signer:
inherit: default
- key_store: DATAPOOL
- key: "[% ALIAS %]"
vault:
inherit: default
- key: /etc/openxpki/local/keys/[% ALIAS %].pem
# use KEY_IDENTIFIER as we might use the same key for multiple token
ratoken:
inherit: default
- key_store: DATAPOOL
- key: "[% KEY_IDENTIFIER %]"
- secret: ratoken
+ key: /etc/openxpki/local/keys/[% PKI_REALM %]/[% KEY_IDENTIFIER %].pem
# Define the secret groups
secret:
diff --git a/config.d/realm/rsyslog-prod b/config.d/realm/rsyslog-prod
new file mode 120000
index 0000000..42e7c67
--- /dev/null
+++ b/config.d/realm/rsyslog-prod
@@ -0,0 +1 @@
+/etc/openxpki/config.d/realm.tpl/
\ No newline at end of file
diff --git a/config.d/realm/synedra b/config.d/realm/synedra
new file mode 120000
index 0000000..42e7c67
--- /dev/null
+++ b/config.d/realm/synedra
@@ -0,0 +1 @@
+/etc/openxpki/config.d/realm.tpl/
\ No newline at end of file
diff --git a/config.d/realm/zabbix-prod b/config.d/realm/zabbix-prod
new file mode 120000
index 0000000..42e7c67
--- /dev/null
+++ b/config.d/realm/zabbix-prod
@@ -0,0 +1 @@
+/etc/openxpki/config.d/realm.tpl/
\ No newline at end of file
diff --git a/config.d/system/database.yaml b/config.d/system/database.yaml
index e7df752..94641b0 100644
--- a/config.d/system/database.yaml
+++ b/config.d/system/database.yaml
@@ -2,12 +2,12 @@ main:
debug: 0
# This requires libdbd-mysql-perl - see notes regarding driver at
#
https://openxpki.readthedocs.io/en/latest/reference/configuration/server.html
- type: MariaDB
+ type: PostgreSQL
name: openxpki
- #host: localhost
- #port: 3306
+ host: 127.0.0.1
+ port: 5432
user: openxpki
- passwd: openxpki
+ passwd: <password>
# extra options passed to the driver as parameter
#driver:
diff --git a/config.d/system/realms.yaml b/config.d/system/realms.yaml
index 9b0036b..d9de4f8 100644
--- a/config.d/system/realms.yaml
+++ b/config.d/system/realms.yaml
@@ -1,6 +1,13 @@
# This is the list of realms in this PKI
# You only need to enable the realms which are visible on the server
+rsyslog-prod:
+ label: RSyslog Production
+ baseurl: https://openxpki.synedra.lan
-democa:
- label: Example.org Demo CA
- baseurl: https://pki.example.com/openxpki/
+zabbix-prod:
+ label: Zabbix Production
+ baseurl: https://openxpki.synedra.lan
+
+synedra:
+ label: Web Production
+ baseurl: https://openxpki.synedra.lan
diff --git a/scep/default.conf b/scep/default.conf
index caf0026..d4361cc 100644
--- a/scep/default.conf
+++ b/scep/default.conf
@@ -1,6 +1,6 @@
[global]
socket = /var/openxpki/openxpki.socket
-realm = democa
+realm = synedra
[logger]
# A loglevel of DEBUG MIGHT disclose sensitive user input data
diff --git a/webui/default.conf b/webui/default.conf
index e8634d7..14d3eac 100644
--- a/webui/default.conf
+++ b/webui/default.conf
@@ -44,7 +44,8 @@ log_level = INFO
# Note - the driver is not part of the core package and must be installed
# on its own. For debian there is a package: openxpki-cgi-session-driver
# The file is in the source repo core/server/CGI_Session_Driver/openxpki.pm
-driver = driver:openxpki
+#driver = driver:openxpki
+driver=file
# Session expiration, see CGI::Session for syntax, default is no expiry
# timeout = +1m
# Set the IP Match option in CGI::Session, default is off
@@ -96,8 +97,9 @@ Password = openxpki
#certs-for-devops = serverca ; LocalPassword
# Hostname based match https://devops.pki.openxpki.org/
#devops.pki.openxpki.org = serverca ; LocalPassword
-democa = democa
-rootca = rootca
+synedra = synedra
+zabbix-prod = zabbix-prod
+rsyslog-prod = rsyslog-prod
# You can preset an auth stack to use, this will prevent the drop down
# even if more that one stack is available. This has the same effect as
2023/11/29 11:09:36 DEB Config for service scep loaded [pid=3677|ep=[undef]]
2023/11/29 11:09:36 TRA Global config: {
'PKIOperation' => {
'env' => 'server',
'param' => 'signature',
'pickup_namespace' => 'transaction_id'
},
'auth' => {
'stack' => '_System'
},
'global' => {
'realm' => 'synedra',
'socket' => '/var/openxpki/openxpki.socket'
},
'logger' => {
'log_level' => 'TRACE'
},
'output' => {}
}
[pid=3677|ep=[undef]]
2023/11/29 11:09:36 INF SCEP handler initialized [pid=3677|ep=[undef]]
2023/11/29 11:09:36 DEB Parsed URI: generic => [pid=3677|ep=[undef]]
2023/11/29 11:09:36 DEB Autodetect config file for service scep: generic.conf
[pid=3677|ep=[undef]]
2023/11/29 11:09:36 DEB No config file found, falling back to default
[pid=3677|ep=[undef]]
2023/11/29 11:09:36 DEB added config to cache generic [pid=3677|ep=[undef]]
2023/11/29 11:09:36 DEB Incoming SCEP operation GetCACaps on endpoint generic
[pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Config created [pid=3677|ep=generic]
2023/11/29 11:09:36 TRA Extra params for GetCACaps: {}
[pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Start workflow type scep_getcacaps [pid=3677|ep=generic]
2023/11/29 11:09:36 TRA Workflow Paramters {}
[pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Initialize client [pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Started volatile session with id:
ed6DazyCQ6yy63eXhebBaw== [pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Selecting realm synedra [pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Workflow created (ID: 0), State: SUCCESS
[pid=3677|ep=generic]
2023/11/29 11:09:36 TRA Result of workflow action: {
'workflow' => {
'archive_at' => undef,
'context' => {
'creator' => 'Anonymous',
'output' => 'Renewal
POSTPKIOperation
SHA-512
SHA-384
SHA-256
SHA-224
SHA-1
DES3
AES',
'wf_current_action' => undef,
'workflow_id' => 0
},
'count_try' => 0,
'description' => undef,
'id' => 0,
'label' => undef,
'last_update' => '2023-11-29T10:09:36',
'proc_state' => 'finished',
'reap_at' => 1701252876,
'state' => 'SUCCESS',
'title' => undef,
'type' => 'scep_getcacaps',
'wake_up_at' => undef
}
}
[pid=3677|ep=generic]
2023/11/29 11:09:36 TRA Workflow info {
'archive_at' => undef,
'context' => {
'creator' => 'Anonymous',
'output' => 'Renewal
POSTPKIOperation
SHA-512
SHA-384
SHA-256
SHA-224
SHA-1
DES3
AES',
'wf_current_action' => undef,
'workflow_id' => 0
},
'count_try' => 0,
'description' => undef,
'id' => 0,
'label' => undef,
'last_update' => '2023-11-29T10:09:36',
'proc_state' => 'finished',
'reap_at' => 1701252876,
'state' => 'SUCCESS',
'title' => undef,
'type' => 'scep_getcacaps',
'wake_up_at' => undef
}
[pid=3677|ep=generic]
2023/11/29 11:09:36 TRA Renewal
POSTPKIOperation
SHA-512
SHA-384
SHA-256
SHA-224
SHA-1
DES3
AES [pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Parsed URI: generic => [pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Incoming SCEP operation PKIOperation on endpoint
generic [pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Got PKIOperation via POST [pid=3677|ep=generic]
2023/11/29 11:09:36 TRA Decoded SCEP message
MIIKugYJKoZIhvcNAQcCoIIKqzCCCqcCAQExDzANBglghkgBZQMEAgMFADCCA/0GCSqGSIb3DQEHAaCCA+4EggPqMIID5gYJKoZIhvcNAQcDoIID1zCCA9MCAQAxggJaMIICVgIBADCBvTCBrjELMAkGA1UEBhMCQVQxHzAdBgNVBAMMFnN5bmVkcmEgTDIgb3BlblhQS0kgQ0ExEjAQBgNVBAcMCUlubnNicnVjazEuMCwGA1UECgwlc3luZWRyYSBpbmZvcm1hdGlvbiB0ZWNobm9sb2dpZXMgR21iSDELMAkGA1UECwwCSVQxDjAMBgNVBAgMBVRpcm9sMR0wGwYJKoZIhvcNAQkBFg5pdEBzeW5lZHJhLmNvbQIKGP8SejDjexXtRDANBgkqhkiG9w0BAQEFAASCAYBnC9pj+HHpknitwTkgNyXt59Jp+b/tSy7WK77YnuHGniQfEQPgWiZFlpK8PAl6uSCw6F5Pobphq12HkGk4s5mt5/yF9EVX3tnwGxrxTJx9rJjpwqHhOiVEkUMRXvIAIpquN/NDAN6pAfpTx0hGp1MQUJVy53M5y43Mtr0FYHENmK1C1yh3bDRqLWRIurUR03sLVXnJdsudb/obFl9TkQ/+OIamaIr80F1i261es/vr2dVLWQhAVc92Rn+3dwe06r7nsEjIijOlu/SnfYGGB8CuTnd9xtf9A2xCdS4SJtUgyF9cxnqD8JbzngVEDjv4nhVZvxeFRDdxU6qRe3M/Zf0Nry+j8PYFE1y5qEOrTfwqAnvZVQ8jWQLZstCS24oWFM87sK+5EXgccOu0hGV/deZ+2nI2Sn3gOuSDBF1CC9NPliEefIgstkTd9kR1qPBHyrxFQrD01quLUWI9Gwebc7zoacetmMXIc4YXHNTF7D/uUWcLmeImKC5I/+bVqtqYziswggFuBgkqhkiG9w0BBwEwHQYJYIZIAWUDBAECBBBoOI91iPsUckdiYnvaRUpMgIIBQDf+vPjT7S2m+r/esq8UXtQ/4GwrSIqyRoLuyVMDzSh8s6WL/2KHtm6EVSsl4PXbeZREeiVD87LptEdWs+JZn6vhb+WgsrsQrZcbLUAy0qQZCmzritwfeDS7hvKrWC4wyRDFtu+upjC7BtAUQr5OwlQOLEfTzncPqPMZLcaMlTP8xIWF7FBa6qLpfvxs74y7iI86EQag5CZBQmsgu+oqcnDWI44FFEZH0x9W/LynVQ8MABfzteoXv5lU3sgvplOOeDptgpjg34OFMQeESwzrpjP/996PQQYhVSXIknZ0KYSmZCJsMgagtJ8fPSTHPjIpdw9vz5zefQuCgQbQ9WoEXE90W6f6tW4qzLX4ZyWDjVbYTv5d2He4hFqHPwVAeVFW6HA+47YU07NDy6/WcnKDiP2hd27O617bBJcugwo6LUCSoIIDuDCCA7QwggKcoAMCAQICIDIwQjlBMUZBQzRCRjVDNzgxRTJCNkMwMkVBNTE5N0YAMA0GCSqGSIb3DQEBDQUAMIGNMQswCQYDVQQGEwJBVDEOMAwGA1UECAwFVGlyb2wxEjAQBgNVBAcMCUlubnNicnVjazEuMCwGA1UECgwlc3luZWRyYSBpbmZvcm1hdGlvbiB0ZWNobm9sb2dpZXMgR21iSDELMAkGA1UECwwCSVQxHTAbBgNVBAMMFHpmcy10ZXN0LnN5bmVkcmEubGFuMB4XDTIzMTEyOTEwMDkzNloXDTIzMTIwNTEyMDkzNlowgY0xCzAJBgNVBAYTAkFUMQ4wDAYDVQQIDAVUaXJvbDESMBAGA1UEBwwJSW5uc2JydWNrMS4wLAYDVQQKDCVzeW5lZHJhIGluZm9ybWF0aW9uIHRlY2hub2xvZ2llcyBHbWJIMQswCQYDVQQLDAJJVDEdMBsGA1UEAwwUemZzLXRlc3Quc3luZWRyYS5sYW4wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDT4PGmbqtimPo2wH3HK+ulgcFvxoqrix8+MG9cvMdzUrS+aQ6RnOTNm9kUdt9NdAhAa+rk526D487zqoCpB0naz8I2rh/epqZYeCKNarvmhgw/ieENd0Zjpc+16j2u9bg8MC4QE8EyPKWsMK4X9CyTzYNM0Z+LsdkvRpY0Ign2+zVfrMZHMQrnjz16/QPzT8p6qwsh8IKjn2P0H8IWWDkfYm91mMOAJxv3puQsTuYn6TFcQFFUXE6sCoDdFEYqR044YV+P3aBYEJAWTPl7hEVwUh39VDk1MgzP+1aotjdYfa2Ni+m1vTO/2wbM2KZBxNYbsmODuDWqNrHfHYVdMmsbAgMBAAEwDQYJKoZIhvcNAQENBQADggEBAAlos20bWcizHzptWMHPoivIJnzZsN3ZnaETEXMvhRW1FYmk63bXB+4ApGlUCYoZ5ZHAfMojM4Hj5W7H7/ViPOIRCbE4kfURf8h5SBu+7QjDXoXfSOzdM15W7baM3PnUltsW6YJknuRA1VkbF06r6XBOJ1BLtLtkbwlJ9bbFUfhahMMBsTrrc/TVTZL/xCi0srFEZxj70FtG6LdStbdxgA1Q2/9eAg/nWv1QKqThi8hy/z4mmSKmuR0ANbVaYnaShN+v3EbJfA4/5LxLaYEhWAm9/zB9s/bVHGheyWIPReWUOXpkn/YHTExHv8xp6xWszp5pyoWUzTyh443wXAVJenQxggLSMIICzgIBATCBsjCBjTELMAkGA1UEBhMCQVQxDjAMBgNVBAgMBVRpcm9sMRIwEAYDVQQHDAlJbm5zYnJ1Y2sxLjAsBgNVBAoMJXN5bmVkcmEgaW5mb3JtYXRpb24gdGVjaG5vbG9naWVzIEdtYkgxCzAJBgNVBAsMAklUMR0wGwYDVQQDDBR6ZnMtdGVzdC5zeW5lZHJhLmxhbgIgMjBCOUExRkFDNEJGNUM3ODFFMkI2QzAyRUE1MTk3RgAwDQYJYIZIAWUDBAIDBQCggfEwEgYKYIZIAYb4RQEJAjEEEwIyMDAYBgkqhkiG9w0BCQMxCwYJKoZIhvcNAQcBMBwGCSqGSIb3DQEJBTEPFw0yMzExMjkxMDA5MzZaMCAGCmCGSAGG+EUBCQUxEgQQHMRZ1A01JipV/sgpuPzD9DAwBgpghkgBhvhFAQkHMSITIDIwQjlBMUZBQzRCRjVDNzgxRTJCNkMwMkVBNTE5N0YxME8GCSqGSIb3DQEJBDFCBECGQTL1rBSdXMHEDSuIt4l9Iw8WARes6aMW85Do4zk8pP3/yCp4uPxMgH2j9HE+jYejxgIV3deYjVLfOaFF2l8QMA0GCSqGSIb3DQEBAQUABIIBAF/AglIMJDyxTxXkQPNmFr6g9ESw2tgvAVlYLxc5WZyViAOsD19PgCTrRg8jPuMG56ItyJfmbL0jLR+DXysWmvURCyDotqBhBOVdo30JNHBPmjN3/N6ZOul2ybv329NyAIIP3H2urZLTsRvv+PsbdWdjGdJJWLuN4I8sByeC9mOL8D41AwjSvXzZ431wN0ROGnfj4nAupa6VKB4TAaakSbJ2qFTj1ZlZvY93D7Q8TwFYFQFaJKmqXFL51tiU/3XVjCPxZTgXmwlStuIemDTAkdMMOWU7eAl5EX2FIR1hLh1a2mB2Tq4qAVNCCMwFDu78gomsDJ1vVsrk9nyUpNCByGY=
[pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Config created [pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Initialize client [pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Started volatile session with id:
HLfO6prmTmC1IRtMSWAl2w== [pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Selecting realm synedra [pid=3677|ep=generic]
2023/11/29 11:09:36 TRA {
'alias' => 'ratoken-1',
'digest_alg' => 'sha512',
'enc_alg' => 'aes-128-cbc',
'key_alg' => 'rsaEncryption',
'message_type' => 'GetCertInitial',
5&*U\x{fe}\x{c8})\x{b8}\x{fc}\x{c3}\x{f4}",
'signer' => '<removed>',
'transaction_id' => '20B9A1FAC4BF5C781E2B6C02EA5197F1'
}
[pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Handle enrollment [pid=3677|ep=generic]
2023/11/29 11:09:36 TRA Found env keys server [pid=3677|ep=generic]
2023/11/29 11:09:36 TRA Extra params for PKIOperation: {
'interface' => 'scep',
'server' => 'generic'
}
[pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Adding extra params for message type GetCertInitial
[pid=3677|ep=generic]
2023/11/29 11:09:36 TRA {
'interface' => 'scep',
'pkcs10' => '',
'server' => 'generic',
'signer_cert' => '<removed>',
'transaction_id' => '20B9A1FAC4BF5C781E2B6C02EA5197F1'
}
[pid=3677|ep=generic]
2023/11/29 11:09:36 TRA {
'env' => 'server',
'param' => 'signature',
'pickup' => 'pkcs10',
'pickup_attribute' => 'transaction_id',
'pickup_namespace' => 'transaction_id',
'workflow' => 'certificate_enroll'
}
[pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Pickup via datapool with transaction_id =>
20B9A1FAC4BF5C781E2B6C02EA5197F1 [pid=3677|ep=generic]
2023/11/29 11:09:36 TRA No pickup as no result found [pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Initialize certificate_enroll with params pkcs10,
transaction_id, server, signer_cert, interface [pid=3677|ep=generic]
2023/11/29 11:09:36 ERR I18N_OPENXPKI_UI_VALIDATOR_FIELD_TYPE_INVALID
[pid=3677|ep=generic]
2023/11/29 11:09:36 TRA {
'ERROR' => {
'CLASS' => 'OpenXPKI::Exception::InputValidator',
'ERRORS' => [
{
'error' => 'I18N_OPENXPKI_UI_VALIDATOR_EMPTY_BUT_REQUIRED',
'name' => 'pkcs10'
}
],
'LABEL' => 'I18N_OPENXPKI_UI_VALIDATOR_FIELD_TYPE_INVALID',
'PARAMS' => {}
},
'SERVICE_MSG' => 'ERROR'
}
[pid=3677|ep=generic]
2023/11/29 11:09:36 INF Input validation failed [pid=3677|ep=generic]
2023/11/29 11:09:36 DEB Status: 400 Missing or invalid parameters
[pid=3677|ep=generic]
2023/11/29 11:09:36 TRA bless( {
'error' => 40004,
'workflow' => {}
}, 'OpenXPKI::Client::Service::Response' )
[pid=3677|ep=generic]
2023/11/29 11:09:36 WAR Client error / malformed request badRequest
[pid=3677|ep=generic]
2023/11/29 11:09:36 TRA <removed>
[pid=3677|ep=generic]
2023/11/29 11:09:36 INF Disconnect client [pid=3677|ep=generic]_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
