From f.leprich at finestwebs.net Mon May 24 13:12:16 2021
From: f.leprich at finestwebs.net (Frank Leprich)
Date: Mon, 24 May 2021 13:12:16 +0200
Subject: [rs-users] mo_csr - how to send a csr over website
Message-ID: <5b978af820bb8a6d3806ef59cad6fa80@finestwebs.net>

Hi all,

I am trying to send a csr against the mod_csr over a website.
I can not figure out the right textarea name like "subject-*" (nid).

my form:

my request:

my apache conf:

CASimpleCertificate /etc/pki/ca/ca-root.pem
CASimpleKey /etc/pki/ca/ca-root.key.pub
CASimpleTime on
CASimpleSerialRandom on
CADiskCertificateSignRequestPath /etc/pki/ca/certs/
CADiskCertificateByTransactionPath /etc/pki/ca/certs/
CACRLCertificateRevocationList /etc/pki/ca/crl-root.pem

SetHandler crl
CrlEncoding der

SetHandler csr
# use subject from the certificate sign request unmodified
CsrSubjectRequest *

SetHandler ocsp
OcspSigningCertificate /etc/pki/ca/ocsp.pem
OcspSigningKey /etc/pki/ca/ocsp.key

SetHandler timestamp
TimestampSigningCertificate /etc/pki/ca/tsa.pem
TimestampSigningKey /etc/pki/ca/tsa.key
TimestampDigest SHA256
TimestampDefaultPolicy 0.4.0.2023.1.1
TimestampTsaName on
TimestampClockPrecisionDigits 0
CASimpleSerialRandom on
CASimpleTime on

ocsp and timestamp just work fine.

thanks for your help in advance.

Frank

-- 
Frank Leprich
Carl-Blechen-Str. 1
03226 Vetschau

From minfrin at redwax.eu Mon May 24 16:59:04 2021
From: minfrin at redwax.eu (Graham Leggett)
Date: Mon, 24 May 2021 16:59:04 +0200
Subject: [rs-users] mo_csr - how to send a csr over website
In-Reply-To: <5b978af820bb8a6d3806ef59cad6fa80@finestwebs.net>
References: <5b978af820bb8a6d3806ef59cad6fa80@finestwebs.net>
Message-ID: <0F892EF1-7C6A-440A-AA9E-22CADAB048D0@redwax.eu>

On 24 May 2021, at 13:12, Frank Leprich via rs-users wrote:

> I am trying to send a csr against the mod_csr over a website.
> I can not figure out the right textarea name like "subject-*" (nid).
>
> my form:
>
> SetHandler csr
> # use subject from the certificate sign request unmodified
> CsrSubjectRequest *
>

Can you confirm what happens if you specify an exact value rather than a wildcard, like this:

CsrSubjectRequest CN

In other words, after sending "subject-CN" in your form, does it get picked up?

I suspect the wildcard is not doing what it is supposed to.

Regards,
Graham

From f.leprich at finestwebs.net Mon May 24 21:04:52 2021
From: f.leprich at finestwebs.net (Frank Leprich)
Date: Mon, 24 May 2021 21:04:52 +0200
Subject: [rs-users] mo_csr - how to send a csr over website
In-Reply-To: <0F892EF1-7C6A-440A-AA9E-22CADAB048D0@redwax.eu>
References: <5b978af820bb8a6d3806ef59cad6fa80@finestwebs.net> <0F892EF1-7C6A-440A-AA9E-22CADAB048D0@redwax.eu>
Message-ID: <2059a8d88414f18d94dd76c3f856098e@finestwebs.net>

Hey Graham,

I think the wildcard works, because the response includes the whole csr.
But I think I am getting further due to studying the mod_csr source.
I am a Linux admin with PKI experience, not a C developer :)
Anyway, I hope to run the Redwax project properly.

I configured this now:

SetHandler csr
# use subject from the certificate sign request unmodified
#CsrSubjectRequest *
CsrSubjectRequest CN
CsrParamPkcs10 csr

So the send gives:

Bad Request
Your browser sent a request that this server could not understand.
Disk: mod_ca frontend did not supply a transaction ID, it is required

How do I have to activate the transaction ID?

Regards,
Frank

On 2021-05-24 16:59, Graham Leggett wrote:
> On 24 May 2021, at 13:12, Frank Leprich via rs-users
> wrote:
>
>> I am trying to send a csr against the mod_csr over a website.
>> I can not figure out the right textarea name like "subject-*" (nid).
>>
>> my form:
>>
>> SetHandler csr
>> # use subject from the certificate sign request unmodified
>> CsrSubjectRequest *
>>
>
> Can you confirm what happens if you specify an exact value rather than
> a wildcard, like this:
>
> CsrSubjectRequest CN
>
> In other words, after sending "subject-CN" in your form, does it get
> picked up?
>
> I suspect the wildcard is not doing what it is supposed to.
>
> Regards,
> Graham