[Pki-users] Approve Certificate Request with curl
Perig Bouenou
pseite35 at gmail.com
Mon Feb 8 15:51:22 UTC 2021
Hi,
Thanks for the hint. Now, I make with curl the same queries than "a pki -U
http://dogtag.org:8080 -C nss_pwd -n caadmin ca-cert-request-review 8
--action approve" (I'm using unsecure port to be able to capture
unencrypted queries to the API):
I start with a login and a review to get a nonce:
curl -s --cert-type P12 --cert ca_admin_cert.p12:<pkc12pwd>
https://dogtag.org:8443/ca/rest/account/login
curl -s -H "Accept: application/xml" --cert-type P12 --cert
ca_admin_cert.p12:<pkc12pwd>
https://dogtag.org:8443/ca/rest/agent/certrequests/08 | xmllint --format -
> 08.xml
The nonce is well generated:
$ grep nonce 08.xml
<nonce>-8605088983470492766</nonce>
Then, I do a curl/POST to /ca/rest/agent/certrequests/8/approve, but the
request returns the error "Nonce for cert-request 8 does not exist"
curl -X POST --cert-type P12 --cert ca_admin_cert.p12:<pkc12pwd>
https://dogtag.org:8443/ca/rest/agent/certrequests/8/approve --header
"Content-Type:application/xml" -H "Accept: application/json"
{
"Attributes": {
"Attribute": []
},
"ClassName": "com.netscape.certsrv.base.BadRequestException",
"Code": 400,
"Message": "Nonce for cert-request 8 does not exist"
}
Something is missing... any ideas?
BR
Le jeu. 4 févr. 2021 à 23:38, Marc Sauton <msauton at redhat.com> a écrit :
> or use the pki command like tool with the option ca-cert-request-review :
> https://github.com/dogtagpki/pki/wiki/Handling-Certificate-Request
> for example:
> pki -U https://ca1.example.test:8443/ca -d ~/.dogtag/subca1 -C
> ~/.dogtag/subca1/pwdfile.txt -n caadmin ca-cert-request-review 1011
> --action approve
>
> and after successful authentication, the URI is in the form
> of /ca/rest/agent/certrequests/xx/approve
> where xx is the request id
> it is a HTTPS POST operation
>
> Thanks,
> M.
>
>
> On Thu, Feb 4, 2021 at 1:43 AM Perig Bouenou <pseite35 at gmail.com> wrote:
>
>> Hello
>>
>>
>> I'm trying to approve certificate requests by using curl as in
>> https://github.com/dogtagpki/pki/wiki/PKI-CA-Approve-Certificate-Request-REST-API
>>
>> I manage to submit certificate requests by posting an xml request
>> template, I can retrieve the list of requests, the curl command for a
>> review works fine, but I'm stuck with approval by using curl (I can approve
>> CSR with pki tool but I still don't know do the same with curl).
>>
>> BTW, here is my command for reviewing request:
>>
>> curl -ks -X GET --cert-type P12 --cert ca_admin_cert.p12:<password>
>> https://dogtag.server:8443/ca/rest/agent/certrequests/08 --header
>> "Content-Type:application/xml" | xmllint --format -
>>
>>
>> Can someone tell me what's the correct curl command to approve cr? or is
>> there any example of request approval (with curl) somewhere? or even
>> something more detailed than
>> https://github.com/dogtagpki/pki/wiki/PKI-CA-Approve-Certificate-Request-REST-API
>> ?
>>
>> PS: I had a look at the JAVA API (
>> https://github.com/dogtagpki/pki/wiki/PKI-CA-Java-API#approving-a-certificate-request)
>> but it didn't help me so much.
>>
>> Regards,
>> Pier
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users at redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/pki-users/attachments/20210208/1c306faf/attachment.htm>
More information about the Pki-users
mailing list