Right now I'm stuck after "openxpkictl start".
Please help. Thanks in advance:



ROOT [deployment]$ openxpkiadm deploy /usr/local
Deploying OpenXPKI configuration file set.
Template set:              default
Template source directory: /usr/local/share/openxpki/templates
Target directory:          /usr/local
openxpki-metaconf options: /usr/local
wrote /usr/local/etc/openxpki/openxpki.conf
OpenXPKI instance successfully deployed to /usr/local.
You may now want to run

cd /usr/local
openxpki-configure

----------------------------------

ROOT [deployment]$ ls /usr/local/etc/openxpki/
openxpki.conf

----------------------------------

ROOT [deployment]$ ls /usr/share/openxpki/templates/default/
acl.xml
auth.xml
config.xml
database.xml
...
workflow_def_smartcard_personalization.xml
workflow_validator_certificate_revocation_request.xml
workflow_validator_certificate_signing_request.xml
workflow.xml


OK, looks good.

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||



ROOT [deployment]$ openxpki-configure --createdirs

>a

Directories

prefix [/usr/local]: [/usr/local]
sysconfdir [$(dir.prefix)/etc]: [$(dir.prefix)/etc]
localstatedir [$(dir.prefix)/var]: [$(dir.prefix)/var]
openxpkistatedir [$(dir.localstatedir)/openxpki]: [$(dir.localstatedir)/openxpki]
tmpdir [$(dir.localstatedir)/tmp]: [$(dir.localstatedir)/tmp]
installprefix (only for package builds):


>b

Auxiliary programs and files

OpenSSL Binary (0.9.8 or higher) [/usr/bin/openssl]: /home/giang/.myapps/openssl-0.9.8d/bin/openssl

  Electric Fence 2.2.0 Copyright (C) 1987-1999 Bruce Perens 
<[EMAIL PROTECTED]>


>c

OpenXPKI server settings

runuser [openxpki]: [openxpki]
rungroup [openxpki]: [openxpki]


>d

Database setup

Server ID (unique for each distinct node) [0]: [0]
Server shift (must be the same for all nodes) [8]: [8]
Database type (SQLite, DB2, Oracle, MySQL, PostgreSQL) [SQLite]: MySQL
Database name [$(dir.openxpkistatedir)/sqlite.db]: openxpkidb
host:
port:
user:
passwd:
namespace:


>e

Deployment options

XML Configuration style (all-in-one or multi-file) [multi-file]: [multi-file]


>f (all options left as defaults)

Global configuration
>NOTE: This is a multi-valued setting with the following current values:
>Realm 1
>To delete an existing entry: enter '*DELETE'
PKI Realms (symbolic keyword for any PKI Realm to be enabled) [Realm 1]: [Realm 1]
PKI Realms (symbolic keyword for any PKI Realm to be enabled):


>g
Write modified config? (Y/N) Y
Creating configuration (multiple XML files)...

* Creating configuration files in /usr/local/etc/openxpki
log.conf... done
acl.xml... done
auth.xml... done
config.xml... done
database.xml... done
...
workflow_validator_certificate_revocation_request.xml... done
workflow_validator_certificate_signing_request.xml... done
workflow.xml... done

* Checking directories
openxpkistatedir: /usr/local/var/openxpki: OK
openxpkisessiondir: /usr/local/var/openxpki/session: OK
dataexchange: /usr/local/var/openxpki/dataexchange: OK
tmpdir: /usr/local/var/tmp: OK

OpenXPKI instance configured successfully.


----------------------------------

ROOT [deployment]$ ls /usr/local/etc/openxpki/
acl.xml
auth.xml
config.xml
database.xml
...
workflow_validator_certificate_revocation_request.xml
workflow_validator_certificate_signing_request.xml
workflow.xml




OK, looks good.

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||



mysql> show databases;
+----------+
| Database |
+----------+
| mysql    |
| test     |
+----------+
2 rows in set (0.00 sec)

mysql>
mysql> create database openxpkidb;
Query OK, 1 row affected (0.02 sec)

mysql> show databases;
+------------+
| Database   |
+------------+
| mysql      |
| openxpkidb |
| test       |
+------------+
3 rows in set (0.00 sec)

mysql>


----------------------------------

ROOT [deployment]$ openxpkiadm initdb
Database type: MySQL
Database 'log' initialized.

----------------------------------

mysql> use openxpkidb;
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
mysql> show tables;
+----------------------------+
| Tables_in_openxpkidb       |
+----------------------------+
| aliases                    |
| audittrail                 |
| certificate                |
| certificate_attributes     |
| crl                        |
| crr_attributes             |
| csr                        |
| csr_attributes             |
| secret                     |
| seq_certificate            |
| seq_certificate_attributes |
| seq_crl                    |
| seq_crr                    |
| seq_csr                    |
| seq_csr_attributes         |
| seq_dataexchange           |
| seq_global_id              |
| seq_secret                 |
| seq_workflow               |
| seq_workflow_history       |
| seq_workflow_version       |
| workflow                   |
| workflow_context           |
| workflow_history           |
+----------------------------+
24 rows in set (0.00 sec)



OK, looks good.

||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||


ROOT [deployment]$ openxpkictl start
Starting OpenXPKI...
system.info: Initialization task 'xml_config' finished
system.info: Initialization task 'i18n' finished
DONE.

---------------------------------------------

BUT this is in /usr/local/var/openxpki/openxpki.log:


2007/01/23 17:32:41 openxpki.system.INFO [OpenXPKI::Server::Init (/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/OpenXPKI/Server/Init.pm:141)] Initialization task 'log' finished
2007/01/23 17:32:41 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Initialization task 'redirect_stderr' finished
2007/01/23 17:32:41 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Initialization task 'prepare_daemon' finished
2007/01/23 17:32:41 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Initialization task 'dbi_backend' finished
2007/01/23 17:32:41 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Initialization task 'dbi_workflow' finished
2007/01/23 17:32:41 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Initialization task 'crypto_layer' finished
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Attached default token for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Accepted 'default' endentity notafter validity (relativedate: +01) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Accepted 'I18N_OPENXPKI_PROFILE_USER' endentity notafter validity (relativedate: +0006) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Accepted 'I18N_OPENXPKI_PROFILE_TLS_SERVER' endentity notafter validity (relativedate: +0003) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Accepted 'default' selfsignedca notafter validity (relativedate: +02000001) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Accepted 'testdummyca1' selfsignedca notafter validity (relativedate: +02000001) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Accepted 'testdummyca2' selfsignedca notafter validity (relativedate: +02000001) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Accepted 'default' crl notafter validity (relativedate: +000014) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Accepted 'testdummyca1' crl notafter validity (relativedate: +000014) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Accepted 'testdummyca2' crl notafter validity (relativedate: +000014) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.WARN [OpenXPKI::Server::Init (141)] Could not determine CA identifier for CA 'testdummyca1' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA)
2007/01/23 17:32:42 openxpki.monitor.WARN [OpenXPKI::Server::Init (141)] Issuing CA 'testdummyca1' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA) is unavailable
2007/01/23 17:32:42 openxpki.system.WARN [OpenXPKI::Server::Init (141)] Could not determine CA identifier for CA 'testdummyca2' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA)
2007/01/23 17:32:42 openxpki.monitor.WARN [OpenXPKI::Server::Init (141)] Issuing CA 'testdummyca2' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA) is unavailable
2007/01/23 17:32:42 openxpki.system.WARN [OpenXPKI::Server::Init (141)] Could not determine identifier for SCEP server 'testscepserver1' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA)
2007/01/23 17:32:42 openxpki.monitor.WARN [OpenXPKI::Server::Init (141)] SCEP server 'testscepserver1' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA) is unavailable
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Identified 0 issuing CAs for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Identified 0 SCEP servers for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Initialization task 'pki_realm' finished
2007/01/23 17:32:44 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Initialization task 'volatile_vault' finished
2007/01/23 17:32:44 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Initialization task 'acl' finished
2007/01/23 17:32:44 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Initialization task 'api' finished
2007/01/23 17:32:44 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Initialization task 'authentication' finished
2007/01/23 17:32:44 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Initialization task 'server' finished
2007/01/23 17:32:44 openxpki.system.INFO [OpenXPKI::Server (/usr/lib/perl5/site_perl/5.8.5/i386-linux-thread-multi/OpenXPKI/Server.pm:142)] Server initialization completed
2007/01/23 17:32:44 openxpki.system.INFO [OpenXPKI::Server (203)] Setting socket file '/usr/local/var/openxpki/openxpki.socket' ownership to 1352/1352
2007/01/23 17:32:44 openxpki.system.INFO [OpenXPKI::Server (242)] Setting gid to to 1352
2007/01/23 17:32:44 openxpki.system.INFO [OpenXPKI::Server (251)] Setting uid to to 1352


There are warnings like "Could not determine CA identifier for CA 'testdummyca1'" etc., and "Identified 0 issuing CAs for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'".



||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||

pressing on:

ROOT [deployment]$ openxpkiadm key list --realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA
CA keys:
  Key for purpose CA with ID: testdummyca1
    ! /usr/local/etc/openxpki/ca/testdummyca1/cakey.pem
I18N_OPENXPKI_XML_CONFIG_GET_SUPER_XPATH_NO_INHERITANCE_FOUND; __XPATH__ => common[0]/token_config[0]/token[0]/secret[0]/method[0]ROOT [deployment]$

ok, /usr/local/etc/openxpki/ca/testdummyca1/cakey.pem doesn't exist, so:

---------------------------------------------

ROOT [deployment]$ mkdir -p /usr/local/etc/openxpki/ca/testdummyca1/
ROOT [deployment]$ touch /usr/local/etc/openxpki/ca/testdummyca1/cakey.pem
ROOT [deployment]$ openxpkiadm key list --realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA
CA keys:
  Key for purpose CA with ID: testdummyca1
    0 /usr/local/etc/openxpki/ca/testdummyca1/cakey.pem
I18N_OPENXPKI_XML_CONFIG_GET_SUPER_XPATH_NO_INHERITANCE_FOUND; __XPATH__ => common[0]/token_config[0]/token[0]/secret[0]/method[0]ROOT [deployment]$

ok, /usr/local/etc/openxpki/ca/testdummyca1/cakey.pem is empty, so:

---------------------------------------------

ROOT [deployment]$ openxpkiadm key generate --realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA --id testdummyca1
I18N_OPENXPKI_XML_CONFIG_GET_SUPER_XPATH_NO_INHERITANCE_FOUND; __XPATH__ => pki_realm[0]/token[0]/id[0]ROOT [deployment]$
ROOT [deployment]$
ROOT [deployment]$ echo $?
9


/usr/local/var/openxpki/openxpki.log shows:

2007/01/23 17:42:54 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Accepted 'testdummyca1' crl notafter validity (relativedate: +000014) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:42:54 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Accepted 'testdummyca2' crl notafter validity (relativedate: +000014) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:42:54 openxpki.system.WARN [OpenXPKI::Server::Init (141)] Could not determine identifier for SCEP server 'testscepserver1' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA)
2007/01/23 17:42:54 openxpki.monitor.WARN [OpenXPKI::Server::Init (141)] SCEP server 'testscepserver1' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA) is unavailable
2007/01/23 17:42:54 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Identified 0 issuing CAs for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:42:54 openxpki.system.INFO [OpenXPKI::Server::Init (141)] Identified 0 SCEP servers for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'


So still no issuing CAs detected.

here's my config.xml:
---------------------------------------------


<openxpki>
  <common>
    <log_config>/usr/local/etc/openxpki/log.conf</log_config>
    <server>
        <user>openxpki</user>
        <group>openxpki</group>
        <socket_file>/usr/local/var/openxpki/openxpki.socket</socket_file>
        <pid_file>/usr/local/var/openxpki/openxpki.pid</pid_file>
        <session_dir>/usr/local/var/openxpki/session</session_dir>
        <connection_timeout>120</connection_timeout>
        <session_lifetime>1200</session_lifetime>
        <stderr>/usr/local/var/openxpki/stderr.log</stderr>
        <tmpdir>/usr/local/var/tmp</tmpdir>
        <transport>Simple</transport>
        <serialization>Simple</serialization>
        <serialization>JSON</serialization>
        <service>Default</service>
        <service>SCEP</service>
    </server>
    <i18n>
        <locale_directory>/usr/local/share/locale</locale_directory>
        <default_language>C</default_language>
    </i18n>
    <data_exchange>
        <export>
            <dir>/usr/local/var/openxpki/dataexchange/export</dir>
        </export>
        <import>
            <dir>/usr/local/var/openxpki/dataexchange/import</dir>
        </import>
    </data_exchange>

    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="database.xml"/>
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="token.xml"/>
  </common>


  <pki_realm name="I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA">
    <common id="default">
      <!-- default token (used for general crypto operations not requiring
           private key operations) -->
      <token super="common/token_config/token{default}"/>

      <secret>
        <group id="default" label="I18N_OPENXPKI_CONFIG_DEFAULT_SECRET_AUTHENTICATION_GROUP">
          <method id="plain">
            <parts>1</parts>
          </method>
          <cache>
            <type>daemon</type>
            <usage_count>-1</usage_count>
          </cache>
        </group>
      </secret>

      <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="profile.xml"/>
    </common>

    <!-- Issuing CAs defined for this realm -->
    <!-- 'id' is the internal CA identifier -->
    <ca id="testdummyca1">
      <token super="common/token_config/token{testdummyca1}"/>
      <!-- CONFIG -->
      <cert>
          <alias>testdummyca1</alias>
          <realm>I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA</realm>
      </cert>
      <crl_publication>
        <file>
            <filename>/usr/local/etc/openxpki/ca/testdummyca1/crl.pem</filename>
            <format>PEM</format>
        </file>
        <!--
        <ldap>
            <server></server>
            <port></port>
            <bind_dn></bind_dn>
            <pass></pass>
            <base_dn></base_dn>
            <search_dn></search_dn>
        </ldap>
        -->
      </crl_publication>
    </ca>
    <ca id="testdummyca2">
      <token super="common/token_config/token{testdummyca2}"/>
      <!-- CONFIG -->
      <cert>
          <alias>testdummyca2</alias>
          <realm>I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA</realm>
      </cert>
      <crl_publication>
        <file>
            <filename>/usr/local/etc/openxpki/ca/testdummyca2/crl.pem</filename>
            <format>PEM</format>
        </file>
        <!--
        <ldap>
            <server></server>
            <port></port>
            <bind_dn></bind_dn>
            <pass></pass>
            <base_dn></base_dn>
            <search_dn></search_dn>
        </ldap>
        -->
      </crl_publication>
    </ca>

    <!-- Subsystems defined for this realm -->
    <!-- 'id' is the subsystem identifier -->
    <scep id="testscepserver1">
      <cert>
        <alias>testscepserver1</alias>
        <realm>I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA</realm>
      </cert>
      <token super="common/token_config/token{testscepserver1}"/>
    </scep>
    <pkcs7 id="testsceppkcs7tool1">
      <token super="common/token_config/token{testsceppkcs7tool1}"/>
    </pkcs7>
    <createjavakeystore id="testcreatejavakeystore">
      <token super="common/token_config/token{testcreatejavakeystore}"/>
    </createjavakeystore>


    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="auth.xml"/>
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="acl.xml"/>
    <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="workflow.xml"/>
  </pki_realm>


</openxpki>


---------------------------------------------

/usr/local/var/openxpki/stderr.log shows:

2007/01/23-17:32:44 OpenXPKI::Server (type Net::Server::Fork) starting! pid(26500)
Binding to UNIX socket file /usr/local/var/openxpki/openxpki.socket using SOCK_STREAM
Group Not Defined.  Defaulting to EGID '0 10 6 4 3 2 1 0'
User Not Defined.  Defaulting to EUID '0'
Setting gid to "1352"
Setting uid to "1352"

though I do have:

ROOT [deployment]$ grep openxpki /etc/passwd
openxpki:x:1352:1352::/home/openxpki:/bin/bash
ROOT [deployment]$
ROOT [deployment]$ grep openxpki /etc/group
openxpki:x:1352:

does it matter here?


thanks.

OpenXPKI-users mailing list
https://lists.sourceforge.net/lists/listinfo/openxpki-users
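
A triage sketch for the startup log shown in the message above, added here as an example (it is not part of the original post and not OpenXPKI code): it rejoins mail-wrapped log records and reports, per PKI realm, which issuing CAs and SCEP servers the server marked unavailable and how many it identified. The function names are hypothetical, and the embedded sample is constructed from the shape of the log lines in the post.

```python
import re
from collections import defaultdict

# Constructed sample, shaped after the log in the post (mail line wrapping kept).
SAMPLE_LOG = """\
2007/01/23 17:32:42 openxpki.monitor.WARN [OpenXPKI::Server::Init (141)]
Issuing CA 'testdummyca1' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA)
is unavailable
2007/01/23 17:32:42 openxpki.monitor.WARN [OpenXPKI::Server::Init (141)]
Issuing CA 'testdummyca2' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA)
is unavailable
2007/01/23 17:32:42 openxpki.monitor.WARN [OpenXPKI::Server::Init (141)]
SCEP server 'testscepserver1' (PKI realm
I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA) is unavailable
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)]
Identified 0 issuing CAs for PKI realm
'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2007/01/23 17:32:42 openxpki.system.INFO [OpenXPKI::Server::Init (141)]
Identified 0 SCEP servers for PKI realm
'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
"""

RECORD_START = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} ")
RECORD = re.compile(r"^\S+ \S+ openxpki\.(?P<facility>\w+)\.(?P<level>\w+) \[[^\]]*\] ?(?P<msg>.*)$")
UNAVAILABLE = re.compile(r"^(?P<kind>Issuing CA|SCEP server) '(?P<id>[^']+)' \(PKI realm (?P<realm>\w+)\) is unavailable$")
IDENTIFIED = re.compile(r"^Identified (?P<n>\d+) (?P<kind>issuing CAs|SCEP servers) for PKI realm '(?P<realm>\w+)'$")

def join_records(text):
    """Merge wrapped continuation lines into one string per timestamped record."""
    records = []
    for line in filter(None, map(str.strip, text.splitlines())):
        if RECORD_START.match(line) or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records

def triage(text):
    """Return {realm: {"unavailable": [(kind, id), ...], "identified": {kind: n}}}."""
    report = defaultdict(lambda: {"unavailable": [], "identified": {}})
    for rec in join_records(text):
        m = RECORD.match(rec)
        if not m:
            continue
        if m["level"] == "WARN" and (u := UNAVAILABLE.match(m["msg"])):
            report[u["realm"]]["unavailable"].append((u["kind"], u["id"]))
        elif i := IDENTIFIED.match(m["msg"]):
            report[i["realm"]]["identified"][i["kind"]] = int(i["n"])
    return dict(report)

def realms_without_issuing_ca(report):
    """Realms whose startup summary reported zero usable issuing CAs."""
    return sorted(r for r, d in report.items() if d["identified"].get("issuing CAs") == 0)

if __name__ == "__main__":
    print(realms_without_issuing_ca(triage(SAMPLE_LOG)))
```
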
