On Tue, April 2, 2024 16:02, James B. Byrne wrote:
> I extracted the PEM format certificate and attempted to import it:
>
> openssl crl2pkcs7 -nocrl -certfile hllcerts/20160001.pem \
> | openssl pkcs7 -print_certs \
> | awk '/BEGIN CERTIFICATE/,/END CERTIFICATE/' \
> > bare_20160001.pem
>
> openxpkicli import_certificate --realm hll_ca2016 --filearg
> data=bare_20160001.pem
> Error: Certificate already exists in database
>
> Now, the problem is I cannot find that certificate to delete it. I presume
> that something I did earlier put the certificate into the global space as I
> cannot find it in either the democa or hll_ca2016 realms.
I used:
'openxpkicli --realm hll_ca2016 --arg pki_realm=_any search_cert'
and also with 'search_cert_count'. Thereby I discovered that there are 117
certificates loaded of which 111 are identified as belonging to the
'hll_ca2016' realm.
This is what I wished to achieve . In webui I can search for these
certificates by issuer_identifier. But what I wish for is a complete list of
all certificates recorded for the hll_ca2016 realm. The search instructions
state:
Given string must match as a substring on the full distinguished name.
Now I have this certificate returned by search_cert:
{
"cert_key" : "538312751",
"identifier" : "U8IrhuCjKORGlK3LUUALWAYmiK8",
"issuer_dn" : "DC=ca,DC=harte-lyne,C=CA,ST=Ontario,L=Hamilton,O=Harte &
Lyne Limited,OU=Networked Data Services,CN=CA_HLL_ISSUER_2016",
"issuer_identifier" : "Yh03GEV0ZGEqIGMf-fxZ3lErPmk",
"notafter" : 1638316799,
"notbefore" : 1477958400,
"pki_realm" : "hll_ca2016",
"status" : "ISSUED",
"subject" :
"DC=ca,DC=harte-lyne,DC=hamilton,C=CA,ST=Ontario,L=Hamilton,O=Harte &
Lyne Limited,OU=Networked Data
Systems,CN=dbms-pgsql.hamilton.harte-lyne.ca"
},
The full DN appears to be:
"DC=ca,DC=harte-lyne,C=CA,ST=Ontario,L=Hamilton,O=Harte & Lyne
Limited,OU=Networked Data Services,CN=CA_HLL_ISSUER_2016"
So, I entered the following search values, none of which returned nay
certificates:
DC=ca,DC=harte-lyne,DC=hamilton,C=CA,ST=Ontario,L=Hamilton,O=Harte & Lyne
Limited,OU=Networked Data Systems,CN=dbms-pgsql.hamilton.harte-lyne.ca
CN=dbms-pgsql.hamilton.harte-lyne.ca (with and without a trailing comma)
*
Two questions:
1. What is wrong with the query values I am providing so that no records are
found?
2. how does one get a complete certificate list inside webui?
Thanks,
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:[email protected]
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
