AW: Re: CA Connector can't create certificate

Hi Michael.
My suggestion:
Forget about backport and 0.15.
You can patch the localca.py and simply remove line 173. I already committed this on github. We do not need the CSR get_extentions.
Kind regards Cornelius
Cornelius Kölbel +49 151 2960 1417
NetKnights GmbHHttp://NetKnights. It
+49 561 3166 797

I added the Jessie-Backports since they deliver 0.15, but when I wanted to install it, it greps python-pyopenssl from the trusty ppa and brokes :)After that I forced it with aptitude -t jessie-backports and now I get a Internal Server Error when accessing the startpage

[Tue Jun 07 09:53:37.895043 2016] [wsgi:error] [pid 489:tid 139726979172096] /usr/lib/python2.7/dist-packages/privacyidea/models.py:1793: SAWarning: Unicode column received non-unicode default value.[Tue Jun 07 09:53:37.895273 2016] [wsgi:error] [pid 489:tid 139726979172096] default="/etc/privacyidea/dictionary")[Tue Jun 07 09:53:37.921642 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] mod_wsgi (pid=489): Target WSGI script ‘/etc/privacyidea/privacyideaapp.wsgi’ cannot be loaded as Python module.[Tue Jun 07 09:53:37.921834 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] mod_wsgi (pid=489): Exception occurred processing WSGI script ‘/etc/privacyidea/privacyideaapp.wsgi’.[Tue Jun 07 09:53:37.921948 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] Traceback (most recent call last):[Tue Jun 07 09:53:37.922116 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/etc/privacyidea/privacyideaapp.wsgi”, line 3, in [Tue Jun 07 09:53:37.922265 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from privacyidea.app import create_app[Tue Jun 07 09:53:37.922359 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/app.py”, line 28, in [Tue Jun 07 09:53:37.922952 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] import privacyidea.api.before_after[Tue Jun 07 09:53:37.923097 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/api/before_after.py”, line 29, in [Tue Jun 07 09:53:37.923599 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from …lib.user import get_user_from_param[Tue Jun 07 09:53:37.923697 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line 55, in [Tue Jun 07 09:53:37.924472 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from .resolver import (get_resolver_object,[Tue Jun 07 09:53:37.924585 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/lib/resolver.py”, line 47, in [Tue Jun 07 09:53:37.925108 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from config import (get_resolver_types,[Tue Jun 07 09:53:37.925207 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/lib/config.py”, line 47, in [Tue Jun 07 09:53:37.926073 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from .caconnectors.localca import BaseCAConnector[Tue Jun 07 09:53:37.926233 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/lib/caconnectors/localca.py”, line 173[Tue Jun 07 09:53:37.926344 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] csr_extensions = csr_obj.get_extensions()[Tue Jun 07 09:53:37.926499 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] ^[Tue Jun 07 09:53:37.926583 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] IndentationError: unexpected indent

I think I’m gonna reinstall from scratch …
On Monday, June 6, 2016 at 11:36:09 PM UTC+2, Cornelius Kölbel wrote:The CSR extensions are not used at the moment.

So we could as well remove this line and then python-openssl 0.14 would

work fine, again.

Kind regards

Cornelius-------- Ursprüngliche Nachricht --------Von: Michael Muenz m.muenz@gmail.com Datum: 07.06.16 09:59 (GMT+01:00) An: privacyidea privacyidea@googlegroups.com Betreff: Re: [privacyidea] CA Connector can’t create certificate

Am Montag, den 06.06.2016, 13:20 -0700 schrieb Michael Muenz:

ii openssl 1.0.1t-1+deb8u2 amd64

   Secure Sockets Layer toolkit - cryptographic utility

ii python-openssl 0.14-1 all

   Python 2 wrapper around the OpenSSL library

[2016-06-06

22:16:46,000][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,001][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,028][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,029][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,056][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,057][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,083][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,083][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,111][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,111][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,139][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,139][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,249][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,249][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,432][4767][140255173814016][ERROR][privacyidea.app:1423]

Exception on /token/init [POST]

Traceback (most recent call last):

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in

wsgi_app

response = self.full_dispatch_request()

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in

full_dispatch_request

rv = self.handle_user_exception(e)

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381, in

handle_user_exception

reraise(exc_type, exc_value, tb)

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1475, in

full_dispatch_request

rv = self.dispatch_request()

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1461, in

dispatch_request

return self.view_functions[rule.endpoint](**req.view_args)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/event.py”,

line 57, in event_wrapper

f_result = func(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line

180, in log_wrapper

f_result = func(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/api/token.py”,

line 186, in init

tokenrealms=tokenrealms)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line

180, in log_wrapper

f_result = func(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py”,

line 912, in init_token

tokenobject.update(upd_params)

File

“/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/certificatetoken.py”, line 218, in update

crypto.FILETYPE_PEM, req))

File

“/usr/lib/python2.7/dist-packages/privacyidea/lib/caconnectors/localca.py”, line 173, in sign_request

csr_extensions = csr_obj.get_extensions()

AttributeError: ‘X509Req’ object has no attribute ‘get_extensions’

On Monday, June 6, 2016 at 4:00:41 PM UTC+2, Cornelius Kölbel wrote:

    Hi, 
    can you please post your privacyidea.log? 
    There should be a traceback. 
    Which version of pyopenssl and which version of openssl are
    you using? 
    Kind regards 
    Cornelius 
    Am Montag, den 06.06.2016, 06:33 -0700 schrieb Michael Muenz: 
    > Hi, 
    > 
    > 
    > I've set up the WebCA as described in 
    >
    http://privacyidea.readthedocs.io/en/latest/configuration/caconnectors.html 
    > 
    > 
    > 
    > When I try to roll out a new certificate I get: 
    > 'X509Req' object has no attribute 'get_extensions' 
    > 
    > 
    > 
    > There's no certificate but the token will be displayed
    within the 
    > token view. 
    > 
    > 
    > Google tells me about some "wont fixes" with PyOpenSSL. 
    > 
    > 
    > I'm using Debian 8 with latest packages from Trusty build. 
    > 
    > 
    > 
    > 
    > Any ideas? 
    > 
    > 
    > Thanks 
    > Michael 
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/9f13cbc2-8c89-4aaa-86ef-09b748676673%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 

Please read the blog post about getting help

https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor

authentication please visit

https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT

which suites your needs for SECURITY, AVAILABILITY and LIABILITY:

https://netknights.it/en/leistungen/service-level-agreements/


You received this message because you are subscribed to the Google

Groups “privacyidea” group.

To unsubscribe from this group and stop receiving emails from it, send

an email to privacyidea...@googlegroups.com.

To post to this group, send email to priva...@googlegroups.com.

Visit this group at https://groups.google.com/group/privacyidea.

To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/137ce9e3-bc5b-4dce-bd01-5fbd46e0f7da%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Cornelius Kölbel

corneliu…@netknights.it

+49 151 2960 1417

NetKnights GmbH

http://www.netknights.it

Landgraf-Karl-Str. 19, 34131 Kassel, Germany

Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405

Geschäftsführer: Cornelius Kölbel

Please read the blog post about getting help

https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor authentication please visit

https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT which suites your needs for SECURITY, AVAILABILITY and LIABILITY:

https://netknights.it/en/leistungen/service-level-agreements/


You received this message because you are subscribed to the Google Groups “privacyidea” group.

To unsubscribe from this group and stop receiving emails from it, send an email to privacyidea+unsubscribe@googlegroups.com.

To post to this group, send email to privacyidea@googlegroups.com.

Visit this group at https://groups.google.com/group/privacyidea.

To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/b89d0ffc-b9ff-4362-bce6-9c81124d481e%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Hi Michael,
I was thinking the passphrase on the ca key.In my opinion having a passphtase only makes limited sense.The passphrase would be encrypted in the database. Encrypted with the encryption key, which is probably only protected by file access. So you can protect the ca key with file access in the first place.
Think of the local ca as a working proof of concept :-)Any feedback and input is appreciated.
Kind regardsCornelius

Cornelius Kölbel +49 151 2960 1417
NetKnights GmbHHttp://NetKnights. It
+49 561 3166 797

Ok, removed the line and it works again. Now I can download the PKCS12.
But I had to remove the password from the ca.key … will this be the final version or do you plan some fields in the UI to enter the password for the root-ca?
Michael

On Tuesday, June 7, 2016 at 9:59:06 AM UTC+2, Michael Muenz wrote:I added the Jessie-Backports since they deliver 0.15, but when I wanted to install it, it greps python-pyopenssl from the trusty ppa and brokes :)After that I forced it with aptitude -t jessie-backports and now I get a Internal Server Error when accessing the startpage

[Tue Jun 07 09:53:37.895043 2016] [wsgi:error] [pid 489:tid 139726979172096] /usr/lib/python2.7/dist-packages/privacyidea/models.py:1793: SAWarning: Unicode column received non-unicode default value.[Tue Jun 07 09:53:37.895273 2016] [wsgi:error] [pid 489:tid 139726979172096] default="/etc/privacyidea/dictionary")[Tue Jun 07 09:53:37.921642 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] mod_wsgi (pid=489): Target WSGI script ‘/etc/privacyidea/privacyideaapp.wsgi’ cannot be loaded as Python module.[Tue Jun 07 09:53:37.921834 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] mod_wsgi (pid=489): Exception occurred processing WSGI script ‘/etc/privacyidea/privacyideaapp.wsgi’.[Tue Jun 07 09:53:37.921948 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] Traceback (most recent call last):[Tue Jun 07 09:53:37.922116 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/etc/privacyidea/privacyideaapp.wsgi”, line 3, in [Tue Jun 07 09:53:37.922265 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from privacyidea.app import create_app[Tue Jun 07 09:53:37.922359 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/app.py”, line 28, in [Tue Jun 07 09:53:37.922952 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] import privacyidea.api.before_after[Tue Jun 07 09:53:37.923097 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/api/before_after.py”, line 29, in [Tue Jun 07 09:53:37.923599 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from …lib.user import get_user_from_param[Tue Jun 07 09:53:37.923697 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/lib/user.py”, line 55, in [Tue Jun 07 09:53:37.924472 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from .resolver import (get_resolver_object,[Tue Jun 07 09:53:37.924585 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/lib/resolver.py”, line 47, in [Tue Jun 07 09:53:37.925108 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from config import (get_resolver_types,[Tue Jun 07 09:53:37.925207 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/lib/config.py”, line 47, in [Tue Jun 07 09:53:37.926073 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] from .caconnectors.localca import BaseCAConnector[Tue Jun 07 09:53:37.926233 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] File “/usr/lib/python2.7/dist-packages/privacyidea/lib/caconnectors/localca.py”, line 173[Tue Jun 07 09:53:37.926344 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] csr_extensions = csr_obj.get_extensions()[Tue Jun 07 09:53:37.926499 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] ^[Tue Jun 07 09:53:37.926583 2016] [wsgi:error] [pid 489:tid 139726979172096] [remote X:512] IndentationError: unexpected indent

I think I’m gonna reinstall from scratch …
On Monday, June 6, 2016 at 11:36:09 PM UTC+2, Cornelius Kölbel wrote:The CSR extensions are not used at the moment.

So we could as well remove this line and then python-openssl 0.14 would

work fine, again.

Kind regards

Cornelius-------- Ursprüngliche Nachricht --------Von: Michael Muenz m.muenz@gmail.com Datum: 07.06.16 10:04 (GMT+01:00) An: privacyidea privacyidea@googlegroups.com Betreff: Re: [privacyidea] CA Connector can’t create certificate

Am Montag, den 06.06.2016, 13:20 -0700 schrieb Michael Muenz:

ii openssl 1.0.1t-1+deb8u2 amd64

   Secure Sockets Layer toolkit - cryptographic utility

ii python-openssl 0.14-1 all

   Python 2 wrapper around the OpenSSL library

[2016-06-06

22:16:46,000][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,001][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,028][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,029][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,056][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,057][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,083][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,083][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,111][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,111][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,139][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,139][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,249][4767][140255173814016][INFO][privacyidea.lib.user:187]

user u’mimu’ found in resolver u’maxadmins’

[2016-06-06

22:16:46,249][4767][140255173814016][INFO][privacyidea.lib.user:188]

userid resolved to u’6ce8f8fe-5848-1030-9368-cd33db809b50’

[2016-06-06

22:16:46,432][4767][140255173814016][ERROR][privacyidea.app:1423]

Exception on /token/init [POST]

Traceback (most recent call last):

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1817, in

wsgi_app

response = self.full_dispatch_request()

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1477, in

full_dispatch_request

rv = self.handle_user_exception(e)

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1381, in

handle_user_exception

reraise(exc_type, exc_value, tb)

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1475, in

full_dispatch_request

rv = self.dispatch_request()

File “/usr/lib/python2.7/dist-packages/flask/app.py”, line 1461, in

dispatch_request

return self.view_functions[rule.endpoint](**req.view_args)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File

“/usr/lib/python2.7/dist-packages/privacyidea/api/lib/prepolicy.py”,

line 104, in policy_wrapper

return wrapped_function(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/event.py”,

line 57, in event_wrapper

f_result = func(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line

180, in log_wrapper

f_result = func(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/api/token.py”,

line 186, in init

tokenrealms=tokenrealms)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/log.py”, line

180, in log_wrapper

f_result = func(*args, **kwds)

File “/usr/lib/python2.7/dist-packages/privacyidea/lib/token.py”,

line 912, in init_token

tokenobject.update(upd_params)

File

“/usr/lib/python2.7/dist-packages/privacyidea/lib/tokens/certificatetoken.py”, line 218, in update

crypto.FILETYPE_PEM, req))

File

“/usr/lib/python2.7/dist-packages/privacyidea/lib/caconnectors/localca.py”, line 173, in sign_request

csr_extensions = csr_obj.get_extensions()

AttributeError: ‘X509Req’ object has no attribute ‘get_extensions’

On Monday, June 6, 2016 at 4:00:41 PM UTC+2, Cornelius Kölbel wrote:

    Hi, 
    can you please post your privacyidea.log? 
    There should be a traceback. 
    Which version of pyopenssl and which version of openssl are
    you using? 
    Kind regards 
    Cornelius 
    Am Montag, den 06.06.2016, 06:33 -0700 schrieb Michael Muenz: 
    > Hi, 
    > 
    > 
    > I've set up the WebCA as described in 
    >
    http://privacyidea.readthedocs.io/en/latest/configuration/caconnectors.html 
    > 
    > 
    > 
    > When I try to roll out a new certificate I get: 
    > 'X509Req' object has no attribute 'get_extensions' 
    > 
    > 
    > 
    > There's no certificate but the token will be displayed
    within the 
    > token view. 
    > 
    > 
    > Google tells me about some "wont fixes" with PyOpenSSL. 
    > 
    > 
    > I'm using Debian 8 with latest packages from Trusty build. 
    > 
    > 
    > 
    > 
    > Any ideas? 
    > 
    > 
    > Thanks 
    > Michael 
    > -- 
    > Please read the blog post about getting help 
    > https://www.privacyidea.org/getting-help/. 
    >   
    > For professional services and consultancy regarding two
    factor 
    > authentication please visit 
    > https://netknights.it/en/leistungen/one-time-services/ 
    >   
    > In an enterprise environment you should get a SERVICE LEVEL
    AGREEMENT 
    > which suites your needs for SECURITY, AVAILABILITY and
    LIABILITY: 
    >
    https://netknights.it/en/leistungen/service-level-agreements/ 
    > --- 
    > You received this message because you are subscribed to the
    Google 
    > Groups "privacyidea" group. 
    > To unsubscribe from this group and stop receiving emails
    from it, send 
    > an email to privacyidea...@googlegroups.com. 
    > To post to this group, send email to
    priva...@googlegroups.com. 
    > Visit this group at
    https://groups.google.com/group/privacyidea. 
    > To view this discussion on the web visit 
    >
    https://groups.google.com/d/msgid/privacyidea/9f13cbc2-8c89-4aaa-86ef-09b748676673%40googlegroups.com. 
    > For more options, visit https://groups.google.com/d/optout. 
    -- 
    Cornelius Kölbel 
    corneliu...@netknights.it 
    +49 151 2960 1417 
    NetKnights GmbH 
    http://www.netknights.it 
    Landgraf-Karl-Str. 19, 34131 Kassel, Germany 
    Tel: +49 561 3166797, Fax: +49 561 3166798 
    Amtsgericht Kassel, HRB 16405 
    Geschäftsführer: Cornelius Kölbel 

Please read the blog post about getting help

https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor

authentication please visit

https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT

which suites your needs for SECURITY, AVAILABILITY and LIABILITY:

https://netknights.it/en/leistungen/service-level-agreements/


You received this message because you are subscribed to the Google

Groups “privacyidea” group.

To unsubscribe from this group and stop receiving emails from it, send

an email to privacyidea...@googlegroups.com.

To post to this group, send email to priva...@googlegroups.com.

Visit this group at https://groups.google.com/group/privacyidea.

To view this discussion on the web visit

https://groups.google.com/d/msgid/privacyidea/137ce9e3-bc5b-4dce-bd01-5fbd46e0f7da%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.

Cornelius Kölbel

corneliu…@netknights.it

+49 151 2960 1417

NetKnights GmbH

http://www.netknights.it

Landgraf-Karl-Str. 19, 34131 Kassel, Germany

Tel: +49 561 3166797, Fax: +49 561 3166798

Amtsgericht Kassel, HRB 16405

Geschäftsführer: Cornelius Kölbel

Please read the blog post about getting help

https://www.privacyidea.org/getting-help/.

For professional services and consultancy regarding two factor authentication please visit

https://netknights.it/en/leistungen/one-time-services/

In an enterprise environment you should get a SERVICE LEVEL AGREEMENT which suites your needs for SECURITY, AVAILABILITY and LIABILITY:

https://netknights.it/en/leistungen/service-level-agreements/


You received this message because you are subscribed to the Google Groups “privacyidea” group.

To unsubscribe from this group and stop receiving emails from it, send an email to privacyidea+unsubscribe@googlegroups.com.

To post to this group, send email to privacyidea@googlegroups.com.

Visit this group at https://groups.google.com/group/privacyidea.

To view this discussion on the web visit https://groups.google.com/d/msgid/privacyidea/fda5957c-bbd1-41b7-b1c2-71ba7b4b79b1%40googlegroups.com.

For more options, visit https://groups.google.com/d/optout.