[Pki-users] base64 CMC Request format

Elliott William C OSS sIT WilliamC.Elliott at s-itsolutions.at
Thu Oct 3 06:47:30 UTC 2013 

We already use CMC enrollment (using profile caFullCMCUserCert) remotely from a RedHat system. It works without a hitch.  It requires (ala Docu) converting the requests to binary format with AtoB before sending them on with HttpClient to the CMC servlet (/ca/ee/ca/profileSubmitCMCFull), and then receiving the (binary-encoded) response.  

When the card management system under windows sends a request - it is base64-encoded.  The CA cannot parse it and the authentication fails:

[02/Oct/2013:14:03:26][http-9543-3]: SignedAuditEventFactory: create() message=[AuditEvent=CMC_SIGNED_REQUEST_SIG_VERIFY][SubjectID=$NonRoleUser$][Outcome=Failure][ReqType=$Unidentified$][CertSubject=$Unidentified$][SignerInfo=$Unidentified$] agent pre-approved CMC request signature verification

Best regards,
Bill Elliott

-----Ursprüngliche Nachricht-----
Von: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] Im Auftrag von Andrew Wnuk
Gesendet: Mittwoch, 02. Oktober 2013 21:07
An: pki-users at redhat.com
Betreff: Re: [Pki-users] base64 CMC Request format [heur]

On 10/02/2013 11:26 AM, Elliott William C OSS sIT wrote:
> Hi all,
>
> Can Dogtag (in this case v. 9.0.3-30.el6 ) be coerced into accepting base64-encoded CMC requests? Is there a parameter somewhere? Or would it require reprogramming?
>
> We have a (smart-)card management system (runs under Windows) which sends the requests and expects the responses to both be base64 encoded.
>
>      Thanks and best regards,
>
>      William Elliott
>      s IT Solutions
>      Open System Services
>
>
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
Check profiles/ca/caCMCUserCert.cfg profile.
You may also check 
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/CertProfileReference.html#CMC_Certificate_Request_Input
and 
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Setting_up_CMC_Enrollment.html

Andrew

_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users

More information about the Pki-users mailing list