Just as an update to this; updated to the master branch and was able to import
the apnic response without issue.
Cheers,
Chris
On 2020-03-31 3:07 p.m., Christopher Munz-Michielin via RPKI wrote:
Thanks for the information Tim.
I will give the master branch a try in the coming days and see how it goes.
Cheers,
Chris
On 2020-03-31 12:18 p.m., Tim Bruijnzeels wrote:
Hi Christopher,
This is because krill insists that the ID certificates be self signed. The RFC
says things should be self signed but it’s not really an issue. So, we put in a
change for this in 0.5.0 but overlooked one additional check.
This is fixed in the master branch if you are okay with living on the edge a
bit. Otherwise we are planning to do the 0.6.0 release next week.
Kind regards
Tim
Sent from my iPhone
On 31 Mar 2020, at 19:45, Christopher Munz-Michielin via RPKI
<[email protected]> wrote:
Hello,
Trying to get Krill setup with my APNIC account, I've successfully submitted my identity
file to APNIC and receivied the parent response, however, once I attempt to import the
response krill just kicks back "Invalid RFC8183 XML: Invalid identity certificate:
validation error"
The response I got back from APNIC looks alright:
<?xml version="1.0"?>
<oob:parent_response xmlns:oob="http://www.hactrn.net/uris/rpki/rpki-setup/"; version="1"
service_uri="http://rpki.apnic.net/up-down/APNIC-AP/"; parent_handle="APNIC-AP"
child_handle="A912C8360000"><oob:parent_bpki_ta>MII....
</oob:parent_bpki_ta></oob:parent_response>
Though the oob: stuff looks a little strange. I tried removing it but get the
same error.
This is the command I am attempting to run:
krillc parents add remote --parent apnic --rfc8183 ./response.xml --ca FRC-CA
I have also tried via the webGUI but it just kicks back "error 400"
Krill version is 0.5.0
Anyone managed to get krill working with APNIC?
--
RPKI mailing list
[email protected]
https://lists.nlnetlabs.nl/mailman/listinfo/rpki
--
RPKI mailing list
[email protected]
https://lists.nlnetlabs.nl/mailman/listinfo/rpki
