Hi,
> I wish to configure the OCSP to work with openxpki using openssl (ocsp
> option) responder
> I failed doing so , my latest attempt included the following
> 1.
> Apache config
> File : openxpki-config/contrib/apache2-openxpki-site.conf
...
> # Enable OCSP endpoint using FastCGI
> ScriptAlias /ocsp /etc/openxpki/local/ocsp.fcgi
> <Location /ocsp>
> SetHandler fcgid-script
...
> Added script :
> File : openxpki-docker/openxpki-config/local/ocsp.fcgi
> Content : #!/usr/bin/perl
> use strict;
> use warnings;
> use OpenXPKI::Control::Server::CGI;
> # Run the OCSP handler
> my $handler = OpenXPKI::Control::Server::CGI->new({
> action => 'handle_ocsp_request',
> realm => 'democa',
> config => '/etc/openxpki/config.d/',
> cert => '/etc/openxpki/local/certs/ocsp-signer.crt',
> key => '/etc/openxpki/local/keys/ocsp-signer-1.pem',
> });
> $handler->run();
...
> file : openxpki-docker/openxpki-config/config.d/realm/democa/crypto.yaml
> Content :
>
> type:
> certsign: ca-signer
> datasafe: vault
> cmcra: ratoken
> scep: ratoken
> ocsp: ocsp-signer #<----
> token:
> ….
> ocsp-signer: # <-- Add this block
> inherit: default
> key_store: OPENXPKI
> key: /etc/openxpki/local/keys/ocsp-signer-1.pem
> secret: ocsp-signer
...
> the restart of the docker comose services gives lots of errors :
>
> openxpki-server-1 | Error writing log message to database: Database error:
> execution of SQL query failed; __dbi_error__ => Incorrect string value:
> '\x82\x11\x0F\x02\x01\x03...' for column
> `openxpki`.`application_log`.`message` at row 1, __dsn__ =>
> dbi:mysql:database=openxpki, __query__ => INSERT INTO application_log (
> application_log_id, category, logtimestamp, message, priority, workflow_id)
> VALUES ( ?, ?, ?, ?, ?, ? ), __source__ => DBD::mysql::st::execute, __user__
> => openxpki
...
> can you assist me to fix or suggest easier way to implement the ocsp feature ?
This is a highly entertaining and quite plausible looking AI hallucination that
looks like it *should* work.
However, it doesn't, because the OpenXPKI Community Edition does not include an
OCSP server.
A high performance OCSP responder is available as an optional module for
OpenXPKI Enterprise Edition. If you do require OCSP for your environment or if
you would like to learn more about OpenXPKI Enterprise Edition and our
expertise in professional designing and implementing professional and customer
specific PKI environments please get in touch with White Rabbit Security.
Cheers
Martin
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
