Closed highercomve closed 4 years ago
Hi, thanks for your positive feedback and details on a potential bug.
From the output of the CMP client one can see that
Does everything go well when you leave out -reqexts req_extensions
?
This would indicate a bug on the server handling that extension.
BTW, you could put at least part of the command-line options you mention above inside your cert.conf
file such that you do not need to explicitly give them for each call of the openssl cmp
client.
If the server does not accept the request extension the server should return a to-the-point CMP error message indicating the reason (which the client would print at least when you add the -unprotectederrors
option since some CMP servers like EJBCA do not properly protect the error responses they send).
The server should react with an unspecific HTTP-level error only in rather low-level error situations (such as: out of memory).
Thanks for the super-fast response.
Without a doubt, the error seems to be on EJBCA server when I remove the -reqexts req_extensions
work perfect.
Using the -unprotectederrors
give me the same error
I guess i should write about this in the EJBCA issue board :)
Thanks again and sorry for the confusion.
Hello,
First thanks for all the good work inside this project, I'm learning about this topic for the first time, and maybe the problem is something I'm doing wrong. I will try to put all the information need it in order to know if is that or is and actual bug.
I'm trying to create a Certificate Request using custom extensions for the certificate.
This is what I have
This is the configuration file
I added a new profile certificate that is used by the RA alias
And I always get this error