Hello again, I did a bit more of testing: generate crl, create certificates, revoke a certificate, regenerate the crl and found that there is no problem here. Everything works as expected. Only the scep enrollment didn't work.
After checking again the logs (openxpki.log) I noticed a suspicious entry: 2015/12/14 09:05:39 openxpki.system.ERROR:1923 [OpenXPKI::Crypto::CLI (435); raop(RA Operator)@08ee] OpenSSL error: Using configuration from /var/tmp/openxpki19239E0vq3Zb Check that the request matches the signature Signature ok end of string encountered while processing type of subject name element #3 And indeed, while generating my playing certificate and the csr, I didn't specify a common name. When specifying the CN attribute then the workflow finished successfully ! Maybe the error message (or workflow failure reason) could be kind of more exact. Another point, regarding the system status: Is it possible that when having no crl generated (even an empty one) the system status is indicated as critical ? Regards, Marian On 12/13/15 16:57, Marian Thieme wrote: > I used the openxpki script > /usr/share/doc/libopenxpki-perl/examples/sampleconfig.sh > > The System Status page lists 2 tokens with status online: > certsign and datasafe > > I noticed, on the top of that page there is a warning saying: your > system status is critical ! > > > On 12/13/15 09:37, Oliver Welter wrote: >> Hi, >> >> Am 12.12.2015 um 14:52 schrieb Marian Thieme: >>> Afterwards I manually approved it but for some reason I cannot finish >>> it. It keeps in state PREPARED (Paused) with reason: "Certificate >>> signing token is not online" >>> >>> Will reconsult the SCEP docs and revise what I did so far. >> >> This is not scep related, your CA key is not usable. Did you use the >> sampleconfig script or did you create your keys by hand? >> >> Check the "Information -> System Status" page, you should see a >> "certsign" token here and this must be online. >> >> Oliver >> >> >> >> ------------------------------------------------------------------------------ >> >> >> >> _______________________________________________ >> OpenXPKI-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/openxpki-users >> ------------------------------------------------------------------------------ _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
