ufven / cepces

cepces is an application for enrolling certificates through CEP and CES.
GNU General Public License v3.0

cepces not renewing certs? #12

Closed joakim-tjernlund closed 3 years ago

joakim-tjernlund commented 3 years ago

I am getting a report about an expired cert:

Number of certificates and requests being tracked: 1.
Request ID 'MachineCertificate':
    status: NEED_CA
    stuck: yes
    key pair storage: type=FILE,location='/etc/machine.key'
    certificate: type=FILE,location='/etc/machine.crt'
    issuer: CN=x.com,DC=x,DC=com
    subject: CN=xxx.yyy.com
    expires: 2020-09-05 12:06:22 CEST
    dns: xxx.yyy.com
    key usage: digitalSignature,keyEncipherment
    eku: id-kp-clientAuth,id-kp-serverAuth
    certificate template/profile: Machine
    profile: Machine
    pre-save command: 
    post-save command: 
    track: yes
    auto-renew: yes

certmonger is running and I can request a new cert by deleting the old one:

getcert request -w -v -M 644 -c cepces -T Machine -I MachineCertificate -u digitalSignature -u keyEncipherment -k /etc/machine.key -f /etc/machine.crt
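
The getcert list output quoted in the comment above carries the two signals worth alerting on: "stuck: yes" and an "expires" date in the past. The following is an added example, not part of the original issue and not cepces or certmonger code; it parses that output format and reports both conditions. The sample text, the second request 'Healthy' and the function names are constructed, and the time-zone abbreviation is ignored (expiry is treated as local time).

```python
import re
from datetime import datetime

# Constructed sample modelled on the `getcert list` output quoted in the issue.
SAMPLE = """\
Number of certificates and requests being tracked: 2.
Request ID 'MachineCertificate':
    status: NEED_CA
    stuck: yes
    expires: 2020-09-05 12:06:22 CEST
Request ID 'Healthy':
    status: MONITORING
    stuck: no
    expires: 2031-01-01 00:00:00 CET
"""

REQ_RE = re.compile(r"^Request ID '(.+)':\s*$")
FIELD_RE = re.compile(r"^\s+([^:]+):\s*(.*)$")

def parse_getcert_list(text):
    """Return {request_id: {field: value}} from `getcert list` text."""
    requests, current = {}, None
    for line in text.splitlines():
        m = REQ_RE.match(line)
        if m:
            current = requests.setdefault(m.group(1), {})
            continue
        m = FIELD_RE.match(line)
        if m and current is not None:
            current[m.group(1).strip()] = m.group(2).strip()
    return requests

def find_problems(text, now):
    """List (request_id, reason) for stuck or expired tracked requests."""
    problems = []
    for rid, f in parse_getcert_list(text).items():
        if f.get("stuck") == "yes":
            problems.append((rid, "stuck in state " + f.get("status", "?")))
        expires = f.get("expires", "")[:19]  # assumption: zone abbreviation dropped
        try:
            if datetime.strptime(expires, "%Y-%m-%d %H:%M:%S") <= now:
                problems.append((rid, "certificate expired " + expires))
        except ValueError:
            pass  # no certificate issued yet, so there is no expiry to check
    return problems

if __name__ == "__main__":
    for rid, reason in find_problems(SAMPLE, datetime.now()):
        print(f"{rid}: {reason}")
```

In a cron job or monitoring check, feed it the real getcert list output instead of SAMPLE and alert when the returned list is non-empty.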

joakim-tjernlund commented 3 years ago

Ping? Still get stuck:

getcert resubmit -i MachineCertificate -w -v
Resubmitting "MachineCertificate".
State GENERATING_CSR, stuck: no.
State NEED_CA, stuck: yes.

dmulder commented 3 years ago

@joakim-tjernlund can you post the contents of your log (probably in /var/log/cepces/cepces.log)?

dmulder commented 3 years ago

Also, what is the output of getcert list-cas?

joakim-tjernlund commented 3 years ago

Been a while now but I seem to recall I solved this. Some configuration on my part was missing.