openca / libpki

Easy-to-use high-level library for PKI-enabled applications

PKCS12 in (software) token configuration #45

Open mkahric opened 4 years ago

mkahric commented 4 years ago

Is it possible to use a p12 file as key/cert storage in the token XML configuration?

I tried putting pki:p12 and pki:password in the XML, but without success. In the log I found these lines:

...
ocspd[14943]: [token.c:192] [ERROR] Possible PrivKey/Certificate Mismatch (-2)
ocspd[14943]: [core.c:59] Can not load Token Key
ocspd[14943]: [core.c:60] Can not load Token certificate
ocspd[14943]: [core.c:61] Can not load Token CA certificate
ocspd[14943]: [core.c:63] [ERROR] Token Configuration Fatal Error (56)
...

The token XML I tried with:

<?xml version="1.0" ?>
<pki:tokenConfig xmlns:pki="http://www.openca.org/openca/pki/1/0/0">
  <pki:name>ocspServerToken</pki:name>
  <pki:type>software</pki:type>
  <pki:p12>file:///usr/etc/ocspd/private/ocsp.p12</pki:p12>
  <pki:password>S0mePa55wo4d</pki:password>
  <!-- <pki:keypair></pki:keypair> -->
  <!-- <pki:cert></pki:cert> -->
  <!-- <pki:cacert></pki:cacert> -->
</pki:tokenConfig>

Do I have to (and how) provide references to pki:keypair, pki:cert and pki:cacert?
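The first log line above reports a possible key/certificate mismatch. The following is an added example, not part of the original post and not libpki code: it uses only the openssl CLI to check whether the private key and the leaf certificate inside a PKCS#12 bundle belong together, which tells you whether the bundle's own contents are consistent. It assumes `openssl` is on the PATH and that the bundle password is supplied in an environment variable named `P12_PASS` (a name chosen for this example).

```shell
#!/bin/sh
# Added example: verify that the key and leaf certificate in a PKCS#12 bundle
# match, using only the openssl CLI (no libpki calls).
# P12_PASS is an assumed environment variable holding the bundle password;
# passing it via env: keeps it out of the process list.
# Return codes: 0 = match, 1 = mismatch, 2 = unreadable input or wrong password.

# pem_key_matches_cert KEY.pem CERT.pem
pem_key_matches_cert() {
    # Derive the public key from each side and compare the PEM encodings.
    key_pub=$(openssl pkey -in "$1" -pubout 2>/dev/null </dev/null) || return 2
    cert_pub=$(openssl x509 -in "$2" -pubkey -noout 2>/dev/null) || return 2
    if [ -n "$key_pub" ] && [ "$key_pub" = "$cert_pub" ]; then
        return 0
    fi
    return 1
}

# p12_key_matches_cert BUNDLE.p12
p12_key_matches_cert() {
    work=$(mktemp -d) || return 2
    if ! (
        umask 077   # the extracted key is unencrypted: keep it owner-only
        openssl pkcs12 -in "$1" -passin env:P12_PASS -nocerts -nodes \
            -out "$work/key.pem" 2>/dev/null &&
        openssl pkcs12 -in "$1" -passin env:P12_PASS -clcerts -nokeys \
            -out "$work/cert.pem" 2>/dev/null
    ); then
        rm -rf "$work"
        return 2
    fi
    rc=0
    pem_key_matches_cert "$work/key.pem" "$work/cert.pem" || rc=$?
    rm -rf "$work"   # remove the plaintext key as soon as the check is done
    return "$rc"
}

# Stand-alone use: P12_PASS=... sh check_p12.sh /path/to/bundle.p12
[ "$#" -eq 0 ] || p12_key_matches_cert "$1"
```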