[Pki-users] base64 CMC Request format
Elliott William C OSS sIT
WilliamC.Elliott at s-itsolutions.at
Thu Oct 3 06:47:30 UTC 2013
We already use CMC enrollment (using profile caFullCMCUserCert) remotely from a RedHat system. It works without a hitch. It requires (ala Docu) converting the requests to binary format with AtoB before sending them on with HttpClient to the CMC servlet (/ca/ee/ca/profileSubmitCMCFull), and then receiving the (binary-encoded) response.
When the card management system under windows sends a request - it is base64-encoded. The CA cannot parse it and the authentication fails:
[02/Oct/2013:14:03:26][http-9543-3]: SignedAuditEventFactory: create() message=[AuditEvent=CMC_SIGNED_REQUEST_SIG_VERIFY][SubjectID=$NonRoleUser$][Outcome=Failure][ReqType=$Unidentified$][CertSubject=$Unidentified$][SignerInfo=$Unidentified$] agent pre-approved CMC request signature verification
Best regards,
Bill Elliott
-----Ursprüngliche Nachricht-----
Von: pki-users-bounces at redhat.com [mailto:pki-users-bounces at redhat.com] Im Auftrag von Andrew Wnuk
Gesendet: Mittwoch, 02. Oktober 2013 21:07
An: pki-users at redhat.com
Betreff: Re: [Pki-users] base64 CMC Request format [heur]
On 10/02/2013 11:26 AM, Elliott William C OSS sIT wrote:
> Hi all,
>
> Can Dogtag (in this case v. 9.0.3-30.el6 ) be coerced into accepting base64-encoded CMC requests? Is there a parameter somewhere? Or would it require reprogramming?
>
> We have a (smart-)card management system (runs under Windows) which sends the requests and expects the responses to both be base64 encoded.
>
> Thanks and best regards,
>
> William Elliott
> s IT Solutions
> Open System Services
>
>
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users at redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
Check profiles/ca/caCMCUserCert.cfg profile.
You may also check
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/CertProfileReference.html#CMC_Certificate_Request_Input
and
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_System/8.1/html/Admin_Guide/Setting_up_CMC_Enrollment.html
Andrew
_______________________________________________
Pki-users mailing list
Pki-users at redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
More information about the Pki-users
mailing list