We already use CMC enrollment (using profile caFullCMCUserCert) remotely from a RedHat
system. It works without a hitch. It requires (ala Docu) converting the requests to
binary format with AtoB before sending them on with HttpClient to the CMC servlet
(/ca/ee/ca/profileSubmitCMCFull), and then receiving the (binary-encoded) response.
When the card management system under windows sends a request - it is base64-encoded. The
CA cannot parse it and the authentication fails:
[02/Oct/2013:14:03:26][http-9543-3]: SignedAuditEventFactory: create()
message=[AuditEvent=CMC_SIGNED_REQUEST_SIG_VERIFY][SubjectID=$NonRoleUser$][Outcome=Failure][ReqType=$Unidentified$][CertSubject=$Unidentified$][SignerInfo=$Unidentified$]
agent pre-approved CMC request signature verification
Best regards,
Bill Elliott
-----Ursprüngliche Nachricht-----
Von: pki-users-bounces(a)redhat.com [mailto:pki-users-bounces@redhat.com] Im Auftrag von
Andrew Wnuk
Gesendet: Mittwoch, 02. Oktober 2013 21:07
An: pki-users(a)redhat.com
Betreff: Re: [Pki-users] base64 CMC Request format [heur]
On 10/02/2013 11:26 AM, Elliott William C OSS sIT wrote:
Hi all,
Can Dogtag (in this case v. 9.0.3-30.el6 ) be coerced into accepting base64-encoded CMC
requests? Is there a parameter somewhere? Or would it require reprogramming?
We have a (smart-)card management system (runs under Windows) which sends the requests
and expects the responses to both be base64 encoded.
Thanks and best regards,
William Elliott
s IT Solutions
Open System Services
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users Check
profiles/ca/caCMCUserCert.cfg profile.
You may also check
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_Sy...
and
https://access.redhat.com/site/documentation/en-US/Red_Hat_Certificate_Sy...
Andrew
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users