Oops :) Here is a list of the directory:
root@server:/etc/openxpki/ssl/ca-one# ls -lah total 44K drwxr-x--- 2 openxpki root 4.0K Sep 21 16:47 . drwxr-x--- 3 openxpki root 4.0K Jul 30 2014 .. -r--r--r-- 1 openxpki root 2.7K Sep 21 16:47 ca-one-scep-1.crt -r-------- 1 openxpki root 3.3K Sep 21 16:46 ca-one-scep-1.pem -r--r--r-- 1 openxpki root 2.3K Sep 21 16:45 ca-one-signer-1.crt -r-------- 1 openxpki root 3.3K Sep 21 16:45 ca-one-signer-1.pem -r--r--r-- 1 openxpki root 2.7K Sep 21 16:46 ca-one-vault-1.crt -r-------- 1 openxpki root 3.3K Sep 21 16:46 ca-one-vault-1.pem -r--r--r-- 1 openxpki root 2.3K Sep 21 16:45 ca-root-1.crt -r-------- 1 openxpki root 3.3K Sep 21 16:44 ca-root-1.pem -r-------- 1 openxpki root 236 Mar 31 05:29 README.md root@knox:/etc/openxpki/ssl/ca-one# I was doing some thinking, to use the key files I generated, the system would need to know the passwords that I used on them. Where do I specify those passwords? And looking at the file you mentoned when I log in is starting to look like it confirms my suspicions: 2015/09/22 10:30:22 openxpki.system.ERROR:4813 [OpenXPKI::Crypto::CLI (/usr/lib/perl5/OpenXPKI/Crypto/CLI.pm:435); raop(RA Operator)@8f9f] OpenSSL error: unable to load signing key file 140348975507112:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539: 140348975507112:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:483: 2015/09/22 10:30:22 openxpki.system.ERROR:4813 [OpenXPKI::Crypto::CLI (435); raop(RA Operator)@8f9f] OpenSSL error: unable to load signing key file 139870165116584:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:539: 139870165116584:error:0906A065:PEM routines:PEM_do_header:bad decrypt:pem_lib.c:483: On Tue, Sep 22, 2015 at 9:56 AM, Oliver Welter <[email protected]> wrote: > Hi Kevin, > > Am 22.09.2015 um 15:42 schrieb Kevin Waller: > >> Hello, >> I just did a fresh install of openxpki on wheezy from the repos as >> specified in the quickstart guide. >> >> System version is Version (core): 0.34.1 >> > > oops - I should upload the 0.36 we did last week to the server =) > > I created my own certs in this signed order >> [Root] (Self) >> --[Signer] (Signed by root) >> --[Vault] (Signed by root) >> --[SCEP] (Signed by root) >> >> They all loaded/imported without error, and everything looked happy. >> > > When I go into the web interface it shows that all my certs are offline >> (I am assuming this is not good). >> > The check for the SCEP cert is known to be broken but the others should be > definitly green. > * Did you place the private keys into /etc/openxpki/ssl/ca-one > * Check the naming (ca-one-signer-01.pem, ca-one-vault-01.pem, > ca-one-scep-01.pem) > * Are the keys readable by the openxpki user > > When I look at a workflow for one of the CRL issue attempt, it says >> "This workflow was interrupted by an unexpected event, please contact >> the support team!" >> > Have a look at /var/openxpki/openxpki.log - I guess it says soemthing like > "token unusable". > > Oliver > > -- > Protect your environment - close windows and adopt a penguin! > > > > ------------------------------------------------------------------------------ > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users > >
------------------------------------------------------------------------------
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
