Re: [OpenXPKI-users] Problem with datasafe token

Wed, 10 Jan 2018 23:53:05 -0800 

Hello Markus,
in future please start a new mail thread with a "useful" subject line for each problem - this will become a bit hard to track otherwise.... 

This looks very similar to the problem that Andreas reported last week.

@Andreas - did you find a cause/solution?


First, at the system status page you see aftrer login, is the "datasafe" 
token shown as "ONLINE"?


What operating system are you using?
What is the version of openssl (openssl version)?

Can you check if the key blobs in your database look "good". In table 
datapool, namespace sys.datapool.keys the values should start with 
"----BEGIN PKCS7-----" and end with "-----END PKCS7-----".


Oliver

Am 09.01.2018 um 15:27 schrieb Markus Kastner via OpenXPKI-users:

Dear Oliver,


thank you so much for your help! I was able to get the UI up and 
running. Unfortunately I ran into trouble again. I'm seemingly not able 
to issue any certificates using the Infrastructure. The error I get on 
the openxpki.log is the following:



2018/01/09 14:48:20 ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; 
__EXIT_STATUS__ => 512 
[pid=17724|sid=D9nz|wftype=certificate_signing_request_v2|wfid=3583]
2018/01/09 14:48:20 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; 
__COMMAND__ => 
OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_decrypt; __ERRVAL__ 
=> I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_ST$
2018/01/09 14:48:20 ERROR 
I18N_OPENXPKI_SERVER_API_OBJECT_GET_DATA_POOL_ENTRY_ENCRYPTION_KEY_UNAVAILABLE; 
__SAFE_ID__ => ca-one-vault-1; __NAMESPACE__ => sys.datapool.keys; 
__PKI_REALM__ => ca-one; __KEY$
2018/01/09 14:48:21 ERROR Caught exception from action: 
I18N_OPENXPKI_SERVER_API_OBJECT_GET_DATA_POOL_ENTRY_ENCRYPTION_KEY_UNAVAILABLE; 
__KEY__ => Dnw0IuvDKxE30ko9Gb1I8BQ5j80; __SAFE_ID__ => ca-one-vault$
2018/01/09 14:48:21 ERROR 
I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => 
csr_persist_key_password; __ERROR__ => 
I18N_OPENXPKI_SERVER_API_OBJECT_GET_DATA_POOL_ENTRY_ENCRYPTION_KEY_UNAVAILAB$
2018/01/09 14:48:21 ERROR Error executing workflow activity 
'csr_retype_server_password' on workflow id 3583 (type 
certificate_signing_request_v2): 
I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ERROR$
2018/01/09 14:48:21 ERROR 
I18N_OPENXPKI_SERVER_API_WORKFLOW_GET_WORKFLOW_INFO_NO_WORKFLOW_GIVEN; 
__ARGS__ => HASH(0x724a2f0) [pid=17724|sid=D9nz]



After reading the error log several times I conclude that there seems to 
be a key missing 
(I18N_OPENXPKI_SERVER_API_OBJECT_GET_DATA_POOL_ENTRY_ENCRYPTION_KEY_UNAVAILABLE) 
however I’m not able to figure out which one it is… Do you have any 
suggestions for me?



Just as additional information the .pem files are in 
/etc/openxpki/ssl/ca-one/ order and running openxpkiadm alias --realm 
ca-one returns:


=== functional token ===
ca-one-signer (certsign):
   Alias     : ca-one-signer-1
   Identifier: eU3VSWoYdMwPAJZN23W6EcFRhlw
   NotBefore : 2017-12-19 11:00:59
   NotAfter  : 2018-12-19 11:00:59

ca-one-scep (scep):
   Alias     : ca-one-scep-1
   Identifier: wOTSHqJV558ALdTfPnNuZubjYFw
   NotBefore : 2017-12-19 11:10:20
   NotAfter  : 2018-12-19 11:10:20

ca-one-vault (datasafe):
   Alias     : ca-one-vault-1
   Identifier: V2qV3EsSaGiUUkIvQRmoZDk7Z48
   NotBefore : 2017-12-19 11:09:29
   NotAfter  : 2018-12-19 11:09:29

=== root ca ===
current root ca:
   Alias     : root-1
   Identifier: 7K3Go4IUtFb12i_ncTPlwmhuIyY
   NotBefore : 2017-12-19 10:32:54
   NotAfter  : 2106-02-07 06:28:15


Kind regards,
Markus



On 30. Dec 2017, at 21:35, Oliver Welter <m...@oliwel.de 
<mailto:m...@oliwel.de>> wrote:


Hi Markus,


there is two times "utf8" in message: "en_US.utf8.UTF-8" - check the 
settings in the webui.conf and the general debian settings for the 
locales, there seems to be something wrong.


Oliver

Am 30.12.2017 um 16:15 schrieb Markus Kastner via OpenXPKI-users:

Dear Oliver,

thank you for your very quick reply. I’ve just checked out your 
suggestions but so far I wasn’t lucky… In order for you to maybe help 
me further I’ve attached the log file data. From what I can gather 
the webui still has a problem with the locals. Unfortunately I don’t 
know whats going wrong here, as locale -a | grep en_US replies with 
en_US.utf8.

 *
   openxpkictl status
     o
       OpenXPKI Server is running and accepting requests.
 * webui.log:
     o
       2017/12/25 18:17:46
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/25 18:21:29
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/25 18:21:33
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/25 18:24:03
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/25 18:24:05
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/26 09:15:14
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/26 09:15:15
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/26 09:28:58
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/26 09:29:00
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/26 09:32:11
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/26 09:32:13
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/26 09:47:41
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/26 09:47:43
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/26 09:47:45
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/26 09:47:49
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/26 09:47:51
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
       2017/12/26 09:48:28
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
 * error.log (apache2)
     o
     o </p>
     o [Sat Dec 30 14:49:33 2017] webui.fcgi:
       I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ =>
       en_US.utf8.UTF-8
     o [Sat Dec 30 14:49:33.075061 2017] [fcgid:warn] [pid 16225]
       (104)Connection reset by peer: [client xxx.xxx.xxx.22:1249]
       mod_fcgid: error reading data from FastCGI server, referer:
http://xxx.xxx.xxx.76/openxpki/
     o [Sat Dec 30 14:49:33.075154 2017] [core:error] [pid 16225]
       [client xxx.xxx.xxx.22:1249] End of script output before
       headers: webui.fcgi, referer: http://xxx.xxx.xxx.76/openxpki/
 * locale -a | grep en_US
     o en_US
     o en_US.iso885915
     o en_US.utf8
Kind regard,
Markus

On 30. Dec 2017, at 17:44, Oliver Welter <m...@oliwel.de 
<mailto:m...@oliwel.de> <mailto:m...@oliwel.de>> wrote:


Oliver

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org <http://Slashdot.org>! 
http://sdm.link/slashdot

_______________________________________________
OpenXPKI-users mailing list

OpenXPKI-users@lists.sourceforge.net 
<mailto:OpenXPKI-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/openxpki-users



--
Protect your environment -  close windows and adopt a penguin!

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most

engaging tech sites, Slashdot.org <http://Slashdot.org>! 
http://sdm.link/slashdot

_______________________________________________
OpenXPKI-users mailing list

OpenXPKI-users@lists.sourceforge.net 
<mailto:OpenXPKI-users@lists.sourceforge.net>

https://lists.sourceforge.net/lists/listinfo/openxpki-users




------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users




--
Protect your environment -  close windows and adopt a penguin!




Attachment:
smime.p7s

Description: S/MIME Cryptographic Signature


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users






















					Reply via email to