Certificate Enrollment via REST API - Always getting 400 No Password

[dug-ianc]

I finally seem to be able to use the remote rest API for EJCBA, and I'm trying to create a certificate (used for ID) for an existing entity through the API. The code is in python and is mostly based on this at the moment:

https://github.com/Keyfactor/keyfactorcommunity/blob/main/apps-integration/ejbca-rest-api/pkcs10Enroll.py

Now it's almost working, except I always get this error and I don't understand why:

{'error_code': 400, 'error_message': 'No password in request.'}

The relevant section of code is show in the screenshot

Does anyone know what I'm doing wrong?

I'm generating the CSR using openssl with the following calls

def make_sign_key(keyFileName = 'sign.key'):
subprocess.call(["openssl", "genrsa", "-out", f"{keyFileName}", "2048"])

def sign_csr(cfgFileName, keyFileName = 'sign.key', csrFileName = 'req.csr'):
subprocess.call(["openssl", "req", "-new", "-sha256", "-key", f"{keyFileName}", "-out", f"{csrFileName}", "-config", f"{cfgFileName}"])

[dug-ianc]

OK, seems it does that if the entity ALREADY exists. If I remove the entity it enrols and generates in one go