Closed gezhouyu closed 5 years ago
What do you aim to achieve? The HTTP content type should be set automatically.
If you feel it is not there, please provide a Wireshark trace and background how you invoked the CLI or API.
I use the command sent by openssl cmp to apply for a certificate from the CA. The returned result is 415. The CA log is as follows: How to set Content-Type when the Content-Type sent by the HttpRequester of the cmp client is not application / pkixcmp? [root@dggphicprd08002 gezhouyu]# openssl cmp -cmd ir -server 10.243.21.73:8090 -path /minica/certreq/org-certreq/ -ref northcert.pem -secret pass:huawei@123 -recipient "/CN=openssl-cmp" -newkey northkey.pem -subject "/CN=MyName" -cacertsout trust.pem -certout cl_cert.pem CMP INFO: using OpenSSL configuration file '/opt/openssl/../openssl-1.1.0j/openssl.cnf' CMP INFO: no [cmp] section found in config file '/opt/openssl/../openssl-1.1.0j/openssl.cnf'; will thus use just [default] and unnamed section if present Enter pass phrase for northkey.pem: CMP INFO: sending ir 140401340024640:error:27076072:OCSP routines:parse_http_line1:server response error:crypto/ocsp/ocsp_ht.c:260:Code=415 140401340024640:error:390B1091:CMP routines:OSSL_CMP_MSG_http_perform:failed to receive pkimessage:crypto/cmp/cmp_http.c:516: 140401340024640:error:390A1098:CMP routines:OSSL_CMP_exec_IR_ses:ip not received:crypto/cmp/cmp_ses.c:199:
CA logs: 2019-08-09 11:49:44.726 WARN 29911 --- [http-nio-8090-exec-8] .w.s.m.s.DefaultHandlerExceptionResolver : Resolved [org.sprin
Either the CA / CMP / HTTP server is not properly configured, or the CA / CMP / HTTP server does not comply with RFC 6712.
As that is not an issue with the client, there's nothing we could do. You need to direct the questions to the vendor / implementer of your CA.
The Media Type application/pkixcmp
is mandated by RFC 6712 section 3.4.
Therefore the client always uses this when sending requests
(while on responses it so war does not check the content type).
BTW, you should have a closer look at the help output and/or the man page of the CMP CLI.
Providing a cert file name for the -ref
parameter makes little sense.
You did not provide any root/server cert for authenticating responses of the server, which may be fine if it uses PBM instead our you can trust them for other reasons.
How to set Content-Type when the cmp client sends a request whose Content-Type is application/pkixcmp in HttpRequester?