Dearest OpenPKI Users,
I have been trying to get OpenXPKI working after discovering it.
I am using an AMD x86_64 Redhat Enterprise edition box, installing OpenXPKI
into a Xen instance.
I have it installed, and everything looks great but when I login as external
dynamic "someUser", password "User", issue a CSR, and then login as "someRA"
password "RA Operator" and try signing the certificate, the web gui seems to
just loop, flipping between "Certificate Signing Request #2559 (APPROVAL)" and
Certificate Signing Request: Approval screens, when I click "Approve CSR with
Signature" it just goes back to the Certificate signing request (APPROVAL)
screen, clicking "Approve CSR" just takes me back tpo the Signing request
screen. This seems to continue forever no matter what I try...
I know I got all the perl mods install properly, but here are some outputs from
various commands and conf files. Perhapse someone knows whats wrong here?
My install went something like this:
download and unpack: apache-1.39, mod_perl, OpenXPKI-0.9.1084.tar.gz,
OpenXPKI-Client-0.9.985.tar.gz, OpenXPKI-Client-HTML-Mason-0.9.1086.tar.gz,
openxpki-deployment-0.9.1068.tar.gz, openxpki-i18n-0.9.1086.tar.gz
compile apache and mod_perl from source since EL5 doesnt have RPMs for them,
install all needed perl modules using CPAN, install OpenXPKI, OpenXPKI-Client,
OpenXPKI-Client-HTML-Mason, openxpki-deployment, openxpki-i18n
I am running Server: Apache/1.3.39 (Unix) mod_perl/1.30 on with perl -v
This is perl, v5.8.8 built for x86_64-linux-thread-multi
I added the following to the end of my httpd.conf file, and mason seemed to
function properly:
PerlAddVar MasonDataDir "/usr/var/openxpki"
PerlAddVar MasonCompRoot "/usr/local/apache/htdocs"
PerlAddVar MasonAllowGlobals "$context"
PerlAddVar MasonAllowGlobals "%session_cache"
# Serve these requests through Mason.
<LocationMatch "\.html$">
SetHandler perl-script
PerlHandler OpenXPKI::Client::HTML::Mason::ApacheHandler
</LocationMatch>
# this is necessary to make internet explorer happy because it do not
understand content types
<LocationMatch "\.crt$">
SetHandler perl-script
PerlHandler OpenXPKI::Client::HTML::Mason::ApacheHandler
</LocationMatch>
# Hide private components from users.
<LocationMatch "(handler|mhtml)$">
Order allow,deny
Deny from all
</LocationMatch>
# you have to set the locale prefix, the location of the socket file and
# the session directory using environment variables
SetEnv OPENXPKI_SOCKET_FILE /usr/var/openxpki/openxpki.socket
SetEnv OPENXPKI_LOCALE_PREFIX /usr/share/locale
SetEnv OPENXPKI_MASON_SESSION_DIR /usr/var/openxpki/session
then i ran openxpkiadm deploy, and set it to use a MySQL backend, created an
openxpki db, then ran openxpkiadm initdb which set up the DB which worked fine.
openxpkiadm key generate --realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA --group
default
Generating keys for secret group default
Secret method is: plain (n = 1, k = 1)
Please enter password share 1/1:
Please enter the same password share again to make sure it was typed correctly.
Please enter password share 1/1:
Choose options for key for purpose 'CA' with id 'testdummyca1'
Please choose one of the following key types:
- DSA
- EC
- RSA
Key type: DSA
Please choose one of the following key lengths:
- 512
- 768
- 1024
- 2048
- 4096
Key length: 2048
Please choose one of the following key encryption algorithms:
- default
- aes256
- aes192
- aes128
- idea
- des3
- des
Encryption algorithm: default
Creating key, please be patient ...
Enter Encryption Password:
Verifying - Enter Encryption Password:
Key successfully written to /usr/etc/openxpki/ca/testdummyca1/cakey.pem
then sign a CA cert with this key:
openssl req -new -x509 -extensions v3_ca -key
/usr/etc/openxpki/ca/testdummyca1/cakey.pem -out cacert.pem -days 700
import the cert into openxpki:
openxpkiadm certificate import --file cacert.pem
Successfully imported certificate into database:<snip>
openxpkiadm certificate import Identifier: 4Qv6zteNEd_P34XnusO9wH-pHZc
then I alias this:
openxpkiadm certificate alias --config /usr/etc/openxpki/config.xml --realm
I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA --alias testdummyca1 --identifier
4Qv6zteNEd_P34XnusO9wH-pHZc
Successfully created alias in realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA:
Alias : testdummyca1
Identifier: 4Qv6zteNEd_P34XnusO9wH-pHZc
and it seemed to work:
#openxpkiadm certificate list
Certificates in I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA:
Identifier: 4Qv6zteNEd_P34XnusO9wH-pHZc
Alias:
testdummyca1
So, then I go into the web gui, login as CA, CA Operator, go to "Key Status"
and unlock the key.
Now under CA Info, list issuing CA's I see:
CA Identifier Status Not before Not after CA certificate
chain
testdummyca1 Usable 2008-02-04 19:21:57 UTC 2010-01-04 19:21:57 UTC
testdummyca1
Then I login as aUser, "User" password, and create a CSR. I get this listing
when logging out and back in as aUser:
Certificate Signing Request (CSR) 1279 PENDING 2008-02-04
19:51:48
So I try signing it with aRA/RA Operator user:
And under pending CSRs I see:
Certificate Signing Request #1279 (PENDING)
1279 2008-02-04 19:51:48 CN=fully.qualified.example.com,DC=Test
Deployment,DC=OpenXPKI,DC=org
DNS:fully.qualified.example.com TLS Server profile Web Server
aUser
I select it, and click "Approve CSR"
this takes me to:
Certificate Signing Request: Approval
To approve this certificate signing request, you can either approve with or
without signature. Please choose the appropriate button to approve the
certificate request.
where I again click "Approve the CSR with Digital Signature"
I get the popup
"I18N_OPENXPKI_CLI_HTML_MASON_JAVASCRIPT_SIGN_FORM_MOZILLA_UNKNOWN_ERROR" and
after clicking it away, I am back to this screen:
Workflow instance
These are the possible activities for the shown workflow instance.
Name Value
Workflow serial 1279
Workflow state APPROVAL
Workflow type Certificate Signing Request (CSR)
Description This is the workflow to handle a certificate signing request at
once.
Last update 2008-02-04T19:56:56
There is a "Approve CSR" button at the bottom, clicking that just takes me back
to the digital signing screen from above.
It seems like I'm really close here, anyone have ideas on what might be causing
this behavior?
If I log back in as aUser after going through the loop above as RA, I see this:
Workflow type Workflow serial Workflow state Last update
Certificate Signing Request (CSR) 1279 APPROVAL 2008-02-04
20:01:49
It seems to be stuck in Workflow state "APPROVAL" What can I do to make it get
past this?
Contents of my openxpki.log after starting with --debug 128:
Note these lines: Attached CA token for issuing CA 'testdummyca1' of PKI realm
'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)] Issuing
CA testdummyca1 of PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA' validity
is 2008-02-04 19:21:57 - 2010-01-04 19:21:57
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Identified 1 issuing CAs for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:20 openxpki.system.INFO [OpenXPKI::Server::Init
(/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/OpenXPKI/Server/Init.pm:153)]
Initialization task 'log' finished
2008/02/04 14:07:20 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'dbi_log' finished
2008/02/04 14:07:20 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'redirect_stderr' finished
2008/02/04 14:07:20 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'prepare_daemon' finished
2008/02/04 14:07:20 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'dbi_backend' finished
2008/02/04 14:07:20 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'dbi_workflow' finished
2008/02/04 14:07:35 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'xml_config' finished
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::create_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'server_key_generation'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::change_csr_role'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::change_csr_profile'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::change_csr_subject'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::change_csr_subject_alt_name'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::change_csr_info'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::approve_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::reject_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::insert_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'Condition::check_csr_approvals'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::approve_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::cancel_csr_approval'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::reject_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'wf_child_instance_finished'
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow states...
2008/02/04 14:07:47 Workflow.Factory.INFO Added observers to
'I18N_OPENXPKI_WF_TYPE_CERTIFICATE_SIGNING_REQUEST':
OpenXPKI::Server::Workflow::Observer::Debug
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow observers...
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::start_certificate_issuance'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'valid_csr_serial_present'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ca_key_usable'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ca_key_usable'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'use_ldap'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'wf_child_instance_finished'
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow states...
2008/02/04 14:07:47 Workflow.Factory.INFO Added observers to
'I18N_OPENXPKI_WF_TYPE_CERTIFICATE_ISSUANCE':
OpenXPKI::Server::Workflow::Observer::Debug
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow observers...
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::certificate_ldap_publishing'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ldap_dn_available'
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow states...
2008/02/04 14:07:47 Workflow.Factory.INFO Added observers to
'I18N_OPENXPKI_WF_TYPE_CERTIFICATE_LDAP_PUBLISHING':
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow observers...
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::create_crr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::change_crr_invalidity_time'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::change_crr_reason'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::approve_crr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::reject_crr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::revoke_certificate'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'Condition::check_crr_approvals'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::approve_crr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::cancel_crr_approval'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::reject_crr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::insert_crr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'certificate_not_yet_revoked'
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow states...
2008/02/04 14:07:47 Workflow.Factory.INFO Added observers to
'I18N_OPENXPKI_WF_TYPE_CERTIFICATE_REVOCATION_REQUEST':
OpenXPKI::Server::Workflow::Observer::Debug
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow observers...
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::start_crl_issuance'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ca_key_usable'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ca_key_usable'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'crl_signing_cas_left'
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow states...
2008/02/04 14:07:47 Workflow.Factory.INFO Added observers to
'I18N_OPENXPKI_WF_TYPE_CRL_ISSUANCE':
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow observers...
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'valid_signature_with_requested_dn'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'is_initial_enrollment'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'initial_enrollment_allowed'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'auto_renewal_allowed'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'correct_number_of_valid_certs'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'correct_timing'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::persist_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'auto_approval_allowed'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'signed_using_original_cert'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'auto_approval_allowed'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'signed_using_original_cert'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::change_csr_role'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::change_csr_profile'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::change_csr_subject_style'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::change_csr_subject'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::change_csr_subject_alt_name'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::approve_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::reject_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::persist_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'Condition::check_csr_approvals'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::approve_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::cancel_csr_approval'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::reject_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'wf_child_instance_success'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'wf_child_instance_failure'
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow states...
2008/02/04 14:07:47 Workflow.Factory.INFO Added observers to
'I18N_OPENXPKI_WF_TYPE_SCEP_REQUEST':
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow observers...
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'ACL::smartcard_personalization'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'certificate_issuance_possible'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::fail_workflow'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'more_csrs_to_create'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'approval_needed'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::fail_workflow'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::persist_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'Condition::check_csr_approvals'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::approve_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::reject_csr'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::fail_workflow'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::fail_workflow'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'wf_children_instances_finished'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'wf_child_instance_failure'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::fail_workflow'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition
'wf_children_instances_finished'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::fail_workflow'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::fail_workflow'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'test_result_ok'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'more_certs_to_test'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'test_result_ok'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::fail_workflow'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::fail_workflow'
2008/02/04 14:07:47 Workflow.State.INFO Fetching condition 'ACL::fail_workflow'
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow states...
2008/02/04 14:07:47 Workflow.Factory.INFO Added observers to
'I18N_OPENXPKI_WF_TYPE_SMARTCARD_PERSONALIZATION':
OpenXPKI::Server::Workflow::Observer::Debug,
OpenXPKI::Server::Workflow::Observer::AddExecuteHistory
2008/02/04 14:07:47 Workflow.Factory.INFO Added all workflow observers...
2008/02/04 14:07:48 Workflow.Persister.INFO Initializing persister 'OpenXPKI'
2008/02/04 14:07:48 openxpki.system.INFO
[OpenXPKI::Server::Workflow::Persister::DBI
(/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/OpenXPKI/Server/Workflow/Persister/DBI.pm:42)]
Assigned workflow generator
'OpenXPKI::Server::Workflow::Persister::DBI::SequenceId'; history generator
'OpenXPKI::Server::Workflow::Persister::DBI::SequenceId
2008/02/04 14:07:48 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'workflow_factory' finished
2008/02/04 14:07:48 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'crypto_layer' finished
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Attached default token for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'default' endentity notafter validity (relativedate: +01) for PKI
realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'I18N_OPENXPKI_PROFILE_USER' endentity notafter validity
(relativedate: +0006) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'I18N_OPENXPKI_PROFILE_TLS_SERVER' endentity notafter validity
(relativedate: +0003) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'default' selfsignedca notafter validity (relativedate: +02000001) for
PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'testdummyca1' selfsignedca notafter validity (relativedate:
+02000001) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'testdummyca2' selfsignedca notafter validity (relativedate:
+02000001) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'default' crl notafter validity (relativedate: +000014) for PKI realm
'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'testdummyca1' crl notafter validity (relativedate: +000014) for PKI
realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'testdummyca2' crl notafter validity (relativedate: +000014) for PKI
realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Attached CA token for issuing CA 'testdummyca1' of PKI realm
'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)] Issuing
CA testdummyca1 of PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA' validity
is 2008-02-04 19:21:57 - 2010-01-04 19:21:57
2008/02/04 14:07:53 openxpki.system.WARN [OpenXPKI::Server::Init (153)] Could
not determine CA identifier for CA 'testdummyca2' (PKI realm
I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA)
2008/02/04 14:07:53 openxpki.monitor.WARN [OpenXPKI::Server::Init (153)]
Issuing CA 'testdummyca2' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA) is
unavailable
2008/02/04 14:07:53 openxpki.system.WARN [OpenXPKI::Server::Init (153)] Could
not determine identifier for SCEP server 'testscepserver1' (PKI realm
I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA)
2008/02/04 14:07:53 openxpki.monitor.WARN [OpenXPKI::Server::Init (153)] SCEP
server 'testscepserver1' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA) is
unavailable
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Identified 1 issuing CAs for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Identified 0 SCEP servers for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:53 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'pki_realm' finished
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'volatile_vault' finished
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'acl' finished
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'api' finished
2008/02/04 14:07:54 openxpki.system.DEBUG [OpenXPKI::Server::API
(/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/OpenXPKI/Server/API.pm:785)]
Method 'list_config_ids' called via API
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Attached default token for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'default' endentity notafter validity (relativedate: +01) for PKI
realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'I18N_OPENXPKI_PROFILE_USER' endentity notafter validity
(relativedate: +0006) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'I18N_OPENXPKI_PROFILE_TLS_SERVER' endentity notafter validity
(relativedate: +0003) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'default' selfsignedca notafter validity (relativedate: +02000001) for
PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'testdummyca1' selfsignedca notafter validity (relativedate:
+02000001) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'testdummyca2' selfsignedca notafter validity (relativedate:
+02000001) for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'default' crl notafter validity (relativedate: +000014) for PKI realm
'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'testdummyca1' crl notafter validity (relativedate: +000014) for PKI
realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Accepted 'testdummyca2' crl notafter validity (relativedate: +000014) for PKI
realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Attached CA token for issuing CA 'testdummyca1' of PKI realm
'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)] Issuing
CA testdummyca1 of PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA' validity
is 2008-02-04 19:21:57 - 2010-01-04 19:21:57
2008/02/04 14:07:54 openxpki.system.WARN [OpenXPKI::Server::Init (153)] Could
not determine CA identifier for CA 'testdummyca2' (PKI realm
I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA)
2008/02/04 14:07:54 openxpki.monitor.WARN [OpenXPKI::Server::Init (153)]
Issuing CA 'testdummyca2' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA) is
unavailable
2008/02/04 14:07:54 openxpki.system.WARN [OpenXPKI::Server::Init (153)] Could
not determine identifier for SCEP server 'testscepserver1' (PKI realm
I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA)
2008/02/04 14:07:54 openxpki.monitor.WARN [OpenXPKI::Server::Init (153)] SCEP
server 'testscepserver1' (PKI realm I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA) is
unavailable
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Identified 1 issuing CAs for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Identified 0 SCEP servers for PKI realm 'I18N_OPENXPKI_DEPLOYMENT_TEST_DUMMY_CA'
2008/02/04 14:07:54 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'pki_realm_by_cfg' finished
2008/02/04 14:07:55 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'authentication' finished
2008/02/04 14:07:55 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'notification' finished
2008/02/04 14:07:55 openxpki.system.INFO [OpenXPKI::Server::Init (153)]
Initialization task 'server' finished
2008/02/04 14:07:55 openxpki.system.INFO [OpenXPKI::Server
(/usr/lib64/perl5/site_perl/5.8.8/x86_64-linux-thread-multi/OpenXPKI/Server.pm:119)]
Server initialization completed
2008/02/04 14:07:55 openxpki.system.INFO [OpenXPKI::Server (207)] Setting
socket file '/usr/var/openxpki/openxpki.socket' ownership to 500/500
2008/02/04 14:07:55 openxpki.system.INFO [OpenXPKI::Server (249)] Setting gid
to to 500
2008/02/04 14:07:55 openxpki.system.INFO [OpenXPKI::Server (262)] Setting uid
to to 500
Note, I also tried this on Linux version 2.6.8-powerpc ([EMAIL PROTECTED]) (gcc
version 3.3.5 (Debian 1:3.3.5-13)) #1 Thu Nov 24 00:17:15 UTC 2005
and I got the EXACT same result :( Please help! I think there is something
wrong with how I create/use the keys, but this part of the OpenXPki
documentation is nonexistant and even after reading this list I have yet to
figure out what I am doing wrong.
Ive tried using firefox 1.5.0.9 and 2.0.0.11, neither works. I also see that
mozilla error when signing the keys with the live cd version of Openxpki, but
after the error the livecd distro seems to actualy sign the key where as my
install just loops...
-Nate
-------------------------------------------------------------------------
This SF.net email is sponsored by: Microsoft
Defy all challenges. Microsoft(R) Visual Studio 2008.
http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
