vrk-kpa / xroad-joint-development

Unmaintained repository. Development moved to: https://github.com/nordic-institute/X-Road-development

Failed register certificate #226

Closed hainguyen291 closed 6 years ago

hainguyen291 commented 6 years ago

Hi everyone,

I use this test-CA to test my X-Road instance. I could already sign Auth and Sign certificates for the security server. Although I could import the auth certificate, I couldn't register it.

[Image: screenshot from 2018-05-09 10 59 27]

I don't know if xroad_ca_dn_country: "VN" affected my certificate or not, because I used FiVRKCertificateProfileInfoProvider when configuring my central server.

Regards, Hai.

hainguyen291 commented 6 years ago

Does someone have any suggestions about the above problem? Btw: when I click on Diagnostic, it seems that I have a problem with my OCSP service URL.

[Image: screenshot from 2018-05-10 14 33 16]

I installed the CA based on this instruction. 10.145.12.20 is the CA machine's IP.

petkivim commented 6 years ago

@hainguyen291

> I don't know if xroad_ca_dn_country: "VN" affected my certificate or not, because I used FiVRKCertificateProfileInfoProvider when configuring my central server.

When you use FiVRKCertificateProfileInfoProvider, the country code must be FI. It's hard-coded in the class. You should change xroad_ca_dn_country to FI to make it work.

petkivim commented 6 years ago

> Btw: when I click on Diagnostic, it seems that I have a problem with my OCSP service URL.

Have you tried restarting the NGINX and OCSP services as described here?

hainguyen291 commented 6 years ago

Hi @petkivim

Yeah, maybe you are right. My xroad_ca_dn_country=VN could affect my test-CA server. I will re-install the test-CA server with FI as my xroad_ca_dn_country. Then, I will use this cert for my Certificate Services on my Central Server. I hope I can register/send the Auth Certificate request to the central server from the security server.

I thought FI doesn't affect my central server in a development environment, so I used VN when I configured my central server. Do you think I should also configure my central server with FI? If yes, I have to re-install my central server, don't I?

Btw, I could create a connection with 10.145.12.20:8899 for my TSA. So, my OCSP's URL should be 10.145.12.20:8888, shouldn't it?

Regards,

Hai

hainguyen291 commented 6 years ago

@petkivim I finally made it, my friend! Thank you for your support!!!

Best, Hai