hxtool, issuing a certificate based on an external CSR?

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
|

hxtool, issuing a certificate based on an external CSR?

Fredrik Pettai
Hi,

I’m trying to get hxtool to issue an user certificate based on an “external" CSR (not created by hxtool), but I get an error:

$ hxtool issue-certificate \
        --type="pkinit-client" \
        --pk-init-principal="[hidden email]" \
        --ca-certificate="FILE:krb5ca.pem" \
        --subject="CN=Fredrik Pettai,DC=pettai,DC=se" \
        --req="FILE:test2.csr" \
        --certificate="FILE:test2.pem”

  hxtool: parse_request: FILE:test2.csr: unsupport type in FILE:test2.csr


Perhaps generic CSR:s aren't supported?
Since this using a smartcard (with it’s limited tools) I can only add subject to the CSR, but without containing krb5PrincipalName
(ref http://www.h5l.org/manual/HEAD/info/heimdal/Setting-up-PK_002dINIT.html),

But it should not be a problem for hxtool to overwrite subject or complement any missing attribute in the CSR if I append the correct    
attributes and values then invoking hxtool…

Re,
/P