[Pki-users] Approve Certificate Request with curl

Perig Bouenou pseite35 at gmail.com
Mon Feb 8 15:57:08 UTC 2021


BTW, it is a similar issue to the one raised in
https://www.redhat.com/archives/pki-users/2019-May/msg00002.html ...

On Mon, Feb 8, 2021 at 16:51, Perig Bouenou <pseite35 at gmail.com> wrote:

> Hi,
>
> Thanks for the hint. Now, with curl, I make the same queries as a "pki -U
> http://dogtag.org:8080 -C nss_pwd -n caadmin ca-cert-request-review 8
> --action approve" (I'm using the unsecure port to be able to capture
> unencrypted queries to the API):
>
> I start with a login and a review to get a nonce:
>
> curl -s --cert-type P12 --cert ca_admin_cert.p12:<pkc12pwd> \
>   https://dogtag.org:8443/ca/rest/account/login
> curl -s -H "Accept: application/xml" --cert-type P12 \
>   --cert ca_admin_cert.p12:<pkc12pwd> \
>   https://dogtag.org:8443/ca/rest/agent/certrequests/08 | xmllint --format - > 08.xml
>
> The nonce is generated correctly:
>
> $ grep nonce 08.xml
>   <nonce>-8605088983470492766</nonce>
>
> Then, I do a curl/POST to /ca/rest/agent/certrequests/8/approve, but the
> request returns the error "Nonce for cert-request 8 does not exist"
>
> curl -X POST --cert-type P12 --cert ca_admin_cert.p12:<pkc12pwd> \
>   https://dogtag.org:8443/ca/rest/agent/certrequests/8/approve \
>   --header "Content-Type:application/xml" -H "Accept: application/json"
> {
>   "Attributes": {
>     "Attribute": []
>   },
>   "ClassName": "com.netscape.certsrv.base.BadRequestException",
>   "Code": 400,
>   "Message": "Nonce for cert-request 8 does not exist"
> }
>
> Something is missing... any ideas?
>
> BR
>
> On Thu, Feb 4, 2021 at 23:38, Marc Sauton <msauton at redhat.com> wrote:
>
>> or use the pki command-line tool with the option ca-cert-request-review:
>> https://github.com/dogtagpki/pki/wiki/Handling-Certificate-Request
>> for example:
>> pki -U https://ca1.example.test:8443/ca -d ~/.dogtag/subca1 \
>>   -C ~/.dogtag/subca1/pwdfile.txt -n caadmin ca-cert-request-review 1011 \
>>   --action approve
>>
>> and after successful authentication, the URI is in the form
>> of /ca/rest/agent/certrequests/xx/approve
>> where xx is the request id
>> it is an HTTPS POST operation
>>
>> Thanks,
>> M.
>>
>>
>> On Thu, Feb 4, 2021 at 1:43 AM Perig Bouenou <pseite35 at gmail.com> wrote:
>>
>>> Hello
>>>
>>>
>>> I'm trying to approve certificate requests by using curl as in
>>> https://github.com/dogtagpki/pki/wiki/PKI-CA-Approve-Certificate-Request-REST-API
>>>
>>> I manage to submit certificate requests by posting an xml request
>>> template, I can retrieve the list of requests, the curl command for a
>>> review works fine, but I'm stuck with approval by using curl (I can approve
>>> CSR with pki tool but I still don't know how to do the same with curl).
>>>
>>> BTW, here is my command for reviewing request:
>>>
>>> curl -ks -X GET --cert-type P12 --cert ca_admin_cert.p12:<password> \
>>>   https://dogtag.server:8443/ca/rest/agent/certrequests/08 \
>>>   --header "Content-Type:application/xml" | xmllint --format -
>>>
>>>
>>> Can someone tell me what's the correct curl command to approve cr? or is
>>> there any example of request approval (with curl) somewhere? or even
>>> something more detailed than
>>> https://github.com/dogtagpki/pki/wiki/PKI-CA-Approve-Certificate-Request-REST-API
>>> ?
>>>
>>> PS: I had a look at the JAVA API (
>>> https://github.com/dogtagpki/pki/wiki/PKI-CA-Java-API#approving-a-certificate-request)
>>> but it didn't help me so much.
>>>
>>> Regards,
>>> Pier
>>
>>
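
An added example, not part of the thread and not Dogtag's own code: the approve command quoted above sends neither a session cookie nor a request body. This sketch assumes the CA keeps the review nonce in the HTTP session, so it runs login, review and approve against one cookie jar and posts the reviewed XML back; `nonce_of`, `approve_request`, `CURL` and `P12_PASS` are names made up here.

```shell
#!/bin/sh
# Added example, not from the thread. ASSUMPTION: the CA stores the review
# nonce in the HTTP session, so every call must present the same session
# cookie and the approve POST must carry the reviewed document (with nonce).
CURL=${CURL:-curl}   # hypothetical override, lets the flow be dry-run offline

# nonce_of FILE: print the <nonce> value of a saved review document.
nonce_of() {
    sed -n 's:.*<nonce>\(.*\)</nonce>.*:\1:p' "$1" | head -n 1
}

# approve_request BASE_URL REQUEST_ID P12_FILE
# The PKCS #12 password is read from the environment variable P12_PASS.
approve_request() {
    base=$1; id=$2; p12=$3
    work=$(mktemp -d) || return 1
    jar=$work/cookies; review=$work/review.xml

    # 1. Log in; -c saves the session cookie issued by the server.
    "$CURL" -s -c "$jar" --cert-type P12 --cert "$p12:$P12_PASS" \
        "$base/ca/rest/account/login" >/dev/null &&
    # 2. Review inside that session (-b); the response contains the nonce.
    "$CURL" -s -b "$jar" -c "$jar" --cert-type P12 --cert "$p12:$P12_PASS" \
        -H "Accept: application/xml" \
        "$base/ca/rest/agent/certrequests/$id" >"$review" &&
    # Stop early if the server returned no nonce (e.g. an error document).
    [ -n "$(nonce_of "$review")" ] &&
    # 3. Approve: same cookie jar, reviewed XML sent back as the body.
    "$CURL" -s -b "$jar" -X POST --cert-type P12 --cert "$p12:$P12_PASS" \
        -H "Content-Type: application/xml" -H "Accept: application/json" \
        --data-binary @"$review" \
        "$base/ca/rest/agent/certrequests/$id/approve"
    rc=$?
    rm -rf "$work"
    return "$rc"
}

# Usage: P12_PASS=... sh approve.sh https://dogtag.org:8443 8 ca_admin_cert.p12
if [ $# -eq 3 ]; then
    approve_request "$1" "$2" "$3"
fi
```

The temporary directory holding the cookie jar and the review document is removed whether or not the approval succeeds.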