Closed hainguyen291 closed 6 years ago
Does someone have any suggestion about the above problem?
btw: when I click on Diagnostic
, It seems that I have problem with my OCSP service url.
I installed CA based on this instruction. 10.145.12.20 is CA machine's IP.
@hainguyen291
I don't know if xroad_ca_dn_country: "VN" affected my certificate or not, because I used FiVRKCertificateProfileInfoProvider when config my central server.
When you use FiVRKCertificateProfileInfoProvider
the country code must be FI
. It's hard coded in the class. You should change xroad_ca_dn_country
to FI
to make it work.
btw: when I click on Diagnostic , It seems that I have problem with my OCSP service url.
Have you tried to restart NGINX and OCPS services as described here?
Hi @petkivim
Yeah, may be you are right. My xroad_ca_dn_country=VN
could affect my test-CA server. I will re-install test-CA server with FI as my xroad_ca_dn_country
. Then, I will use this cert for my Certificate Services on my Central Server. I hope I can register/send Auth Certificate request to central server from security server.
I thought FI doesn't affect my central server on development environment, so I use VN when configured my central server. Do you think I should also config my central server with FI too? If yes, I have to re-install my central server, don't I?
Btw, I could create connection with 10.145.12.20:8899
for my TSA. So, my OCSP's url should be 10.145.12.20:8888
, shouldn't be?
Regards,
Hai
@petkivim I finally made it, my friend! Thank you for your support!!!
Best, Hai
Hi everyone,
I use this test-CA to test my X-Road instance. I could sign Auth and Sign certificates for security server already. Although, I could import auth certificate but I couldn't register this one.
I don't know if
xroad_ca_dn_country: "VN"
affected my certificate or not, because I usedFiVRKCertificateProfileInfoProvider
when config my central server.Regards, Hai.