6:34 a.m.
Hi Endi,
Thanks a lot for your response. In the meanwhile I managed to get some code
working to get this approval done but somehow when I do this for a number
of times it hangs. I then checked with the PKI CLI and the approval call is
indeed at times very slow (giving a hang perception but does work after
some time) and that's the reason my code breaks with an exception - see
below. So I have 2 queries:
- Why Approval calls so slow? Can these be made faster. I am running fedora
32 as VM with 6 GB RAM and 4 vCPUs.
- Is there a way to set the timeout period in the client to ensure the
calling application doesn't close the session too soon.
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Client
certificate: PKI Administrator for localhost.localdomain
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - HTTP
request: POST /ca/rest/agent/certrequests/68/approve HTTP/1.1
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Accept: application/xml
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Content-Type: application/xml
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Content-Length: 21606
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Host:
192.168.56.103:8443
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Connection: Keep-Alive
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
User-Agent: Apache-HttpClient/4.5.10 (Java/1.8.0_242)
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Cookie: JSESSIONID=BF20B9C354788A712389E9FBF920651C
pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - HTTP
response: HTTP/1.1 400
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Content-Type: text/html;charset=UTF-8
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Content-Length: 243
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Date:
Thu, 12 Nov 2020 09:25:04 GMT
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Connection: close
*[pool-3-thread-4] ERROR com.netscape.certsrv.client.PKIConnection -
WARNING: SSL alert sent: CLOSE_NOTIFY*
com.netscape.certsrv.base.PKIException: Bad Request
at
com.netscape.certsrv.client.PKIConnection.handleErrorResponse(PKIConnection.java:469)
at
com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:432)
at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:106)
at
com.netscape.certsrv.ca.CACertClient.approveRequest(CACertClient.java:127)
On Thu, Nov 12, 2020 at 5:05 PM <pki-users-owner(a)redhat.com> wrote:
This mailing list is restricted to members, and your message has
been
automatically rejected.
To subscribe, visit: https://www.redhat.com/mailman/listinfo/pki-users
If you think that your messages are being rejected in error, contact
the mailing list owner at pki-users-owner(a)redhat.com.
---------- Forwarded message ----------
From: "info@codegic" <info(a)codegic.com>
To: Endi Dewata <edewata(a)redhat.com>
Cc: pki-users(a)redhat.com
Bcc:
Date: Thu, 12 Nov 2020 16:59:13 +0500
Subject: Re: [Pki-users] Is Dogtag PKI Rest API documentation up to date?
Hi Endi,
Thanks a lot for your response. In the meanwhile I managed to get some
code working to get this approval done but somehow when I do this for a
number of times it hangs. I then checked with the PKI CLI and the approval
call is indeed at times very slow (giving a hang perception but does work
after some time) and that's the reason my code breaks with an exception -
see below. So I have 2 queries:
- Why Approval calls so slow? Can these be made faster. I am running
fedora 32 as VM with 6 GB RAM and 4 vCPUs.
- Is there a way to set the timeout period in the client to ensure the
calling application doesn't close the session too soon.
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Client
certificate: PKI Administrator for localhost.localdomain
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - HTTP
request: POST /ca/rest/agent/certrequests/68/approve HTTP/1.1
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Accept: application/xml
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Content-Type: application/xml
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Content-Length: 21606
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Host:
192.168.56.103:8443
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Connection: Keep-Alive
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
User-Agent: Apache-HttpClient/4.5.10 (Java/1.8.0_242)
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Cookie: JSESSIONID=BF20B9C354788A712389E9FBF920651C
pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - HTTP
response: HTTP/1.1 400
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Content-Type: text/html;charset=UTF-8
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Content-Length: 243
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection - Date:
Thu, 12 Nov 2020 09:25:04 GMT
[pool-3-thread-4] INFO com.netscape.certsrv.client.PKIConnection -
Connection: close
*[pool-3-thread-4] ERROR com.netscape.certsrv.client.PKIConnection -
WARNING: SSL alert sent: CLOSE_NOTIFY*
com.netscape.certsrv.base.PKIException: Bad Request
at
com.netscape.certsrv.client.PKIConnection.handleErrorResponse(PKIConnection.java:469)
at
com.netscape.certsrv.client.PKIConnection.getEntity(PKIConnection.java:432)
at com.netscape.certsrv.client.PKIClient.getEntity(PKIClient.java:106)
at
com.netscape.certsrv.ca.CACertClient.approveRequest(CACertClient.java:127)
On Wed, Nov 11, 2020 at 10:39 PM Endi Dewata <edewata(a)redhat.com> wrote:
> Hi Wahaj,
>
> The REST API doc was created manually, so unfortunately it may have become
> out of date and we don't have resources right now to update it. For now
> I'd suggest
> to run the pki CLI in --verbose, --message-format, and --output to see
> the actual
> request and responses sent between the server and client and then
> replicate the
> same messages in your application. Hope this helps.
>
> https://github.com/dogtagpki/pki/wiki/PKI-CLI-Options
>
> --
> Endi S. Dewata
>
>
> On Mon, Nov 9, 2020 at 1:52 AM Wahaj K <mwahaj3120(a)gmail.com> wrote:
>
>> Hi,
>>
>> Saw the documentation at:
>> https://github.com/dogtagpki/pki/wiki/PKI-CA-Revoke-Certificate-REST-API
>>
>> I am trying this and failing. I get all sort of issues like Content type
>> is not valid, Content Length is not valid etc when I put some content type
>> and content length. I believe as this is HTTP POST and no content required
>> hence I am then skipping both of these but then I get this in the CA logs:
>>
>> 2020-11-09 11:33:00 [https-jsse-nio-8443-exec-24] ERROR: RESTEASY002010:
>> Failed to execute
>>
>> javax.ws.rs.NotSupportedException: RESTEASY003200: Could not find
>> message body reader for type: class
>> com.netscape.certsrv.cert.CertRevokeRequest of content type: */*
>>
>> I am using Postman. Get Certs call is working fine.
>>
>> [image: image.png]
>>
>> I get similar errors on the Restful Approve call.
>>
>> Is the documentation up to date? I am stuck for days :( *Would be
>> grateful if you can guide!*
>>
>> Regards,
>> Wahaj
>> _______________________________________________
>> Pki-users mailing list
>> Pki-users(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-users
>
>
>
>
1509
days inactive
1509
days old
0 comments
1 participants
participants (1)
-
Wahaj K