Hi Robert, > A brief question regarding this issue: Could you point me to the > location where the openxpki configuration is stored to retrieve the > certificate location/folder? Or briefly explain how the server retrieves > these certificates? Does the server use a specific path to e.g. > openssl.cnf ?
There is no openssl.cnf - its generated on the fly in a temporary location when we "do the crypto". The issuing *certificates* are never read from the disk but are also used from the database. You *must* have the private key readable at /etc/openxpki/ssl/ca-one/<aliasname>.pem, e.g. ca-one-signer-1.pem for the signer.
It might also be that they keys are readable but the password is wrong/not exist - did you protect your keys with a password and did you change this in the crypto.yaml ?
Oliver Am 04.08.2016 um 07:11 schrieb IT Crowdsource:
Hi,
I've have created a fresh install of openxpki on Debian Jessie. I've
checked the basic configuration several times and all seems to be OK.
I'm able to logon to the console where I see a message that I have to
create a CRL. If I trigger a CRL issue I'm getting an error message in
the GUI: Unknown error (toolkit command failed)
Tried to debug the error by starting openxpkictl start --debug 128
The stderr.log shows many error messages mostly related to openssl. Like
I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED
/But also errors like these:/
2016-08-03 09:26:07.721976 DEBUG:16 PID:1805
OpenXPKI::Server::Workflow::execute_action (line 198): bubbled up error
- rethrow
2016-08-03 09:26:07.740090 DEBUG:128 PID:1805
OpenXPKI::Service::__get_error (line 133): $VAR1 = {
2016-08-03 09:26:07.743565 DEBUG:2 PID:1805
OpenXPKI::Service::__get_error (line 135): setup errors array
2016-08-03 09:26:07.743757 DEBUG:2 PID:1805
OpenXPKI::Service::__get_error (line 154): normalize error list
2016-08-03 09:26:07.743951 DEBUG:1 PID:1805
OpenXPKI::Service::__get_error (line 182): return serialized error list
As far as I understand now it’s probably an issue related to the
location and/or accessibility of the certificates:
|'STATUS' => 'OFFLINE',|
|'IDENTIFIER' => 'JE0cN5CI-4hb9ZPdEnPPc04jfyI',|
|'ALIAS' => 'ca-one-signer-1', |
Could anyone point me to the location where the openxpki configuration
is stored to retrieve the certificate location/folder? Or briefly
explain how the server retrieves these certificates? All permissions are
set correctly on the certificates. And all certificates are located in
the right default folder */etc/openxpki/ssl/ca-one/*
* *
**
* *
The certificates also seem to be imported properly from this same folder:
* *
* *
* *
With kind regards,
Robert Roos
------------------------------------------------------------------------------
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
-- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
