Hi Markus,the good-bad-news - I was able to reproduce the, but only once - now its working again.
But I have an idea - can you please access your database and empty the "secret" table. This is a cache only which is rebuild internally, perhaps there is some problem due to changed internal structures.
best regards Oliver Am 11.01.2018 um 08:51 schrieb Oliver Welter:
Hello Markus,in future please start a new mail thread with a "useful" subject line for each problem - this will become a bit hard to track otherwise....This looks very similar to the problem that Andreas reported last week. @Andreas - did you find a cause/solution?First, at the system status page you see aftrer login, is the "datasafe" token shown as "ONLINE"?What operating system are you using? What is the version of openssl (openssl version)?Can you check if the key blobs in your database look "good". In table datapool, namespace sys.datapool.keys the values should start with "----BEGIN PKCS7-----" and end with "-----END PKCS7-----".Oliver Am 09.01.2018 um 15:27 schrieb Markus Kastner via OpenXPKI-users:Dear Oliver,thank you so much for your help! I was able to get the UI up and running. Unfortunately I ran into trouble again. I'm seemingly not able to issue any certificates using the Infrastructure. The error I get on the openxpki.log is the following:2018/01/09 14:48:20 ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 512 [pid=17724|sid=D9nz|wftype=certificate_signing_request_v2|wfid=3583] 2018/01/09 14:48:20 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_decrypt; __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_ST$ 2018/01/09 14:48:20 ERROR I18N_OPENXPKI_SERVER_API_OBJECT_GET_DATA_POOL_ENTRY_ENCRYPTION_KEY_UNAVAILABLE; __SAFE_ID__ => ca-one-vault-1; __NAMESPACE__ => sys.datapool.keys; __PKI_REALM__ => ca-one; __KEY$ 2018/01/09 14:48:21 ERROR Caught exception from action: I18N_OPENXPKI_SERVER_API_OBJECT_GET_DATA_POOL_ENTRY_ENCRYPTION_KEY_UNAVAILABLE; __KEY__ => Dnw0IuvDKxE30ko9Gb1I8BQ5j80; __SAFE_ID__ => ca-one-vault$ 2018/01/09 14:48:21 ERROR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => csr_persist_key_password; __ERROR__ => I18N_OPENXPKI_SERVER_API_OBJECT_GET_DATA_POOL_ENTRY_ENCRYPTION_KEY_UNAVAILAB$ 2018/01/09 14:48:21 ERROR Error executing workflow activity 'csr_retype_server_password' on workflow id 3583 (type certificate_signing_request_v2): I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ERROR$ 2018/01/09 14:48:21 ERROR I18N_OPENXPKI_SERVER_API_WORKFLOW_GET_WORKFLOW_INFO_NO_WORKFLOW_GIVEN; __ARGS__ => HASH(0x724a2f0) [pid=17724|sid=D9nz]After reading the error log several times I conclude that there seems to be a key missing (I18N_OPENXPKI_SERVER_API_OBJECT_GET_DATA_POOL_ENTRY_ENCRYPTION_KEY_UNAVAILABLE) however I’m not able to figure out which one it is… Do you have any suggestions for me?Just as additional information the .pem files are in /etc/openxpki/ssl/ca-one/ order and running openxpkiadm alias --realm ca-one returns:=== functional token === ca-one-signer (certsign): Alias : ca-one-signer-1 Identifier: eU3VSWoYdMwPAJZN23W6EcFRhlw NotBefore : 2017-12-19 11:00:59 NotAfter : 2018-12-19 11:00:59 ca-one-scep (scep): Alias : ca-one-scep-1 Identifier: wOTSHqJV558ALdTfPnNuZubjYFw NotBefore : 2017-12-19 11:10:20 NotAfter : 2018-12-19 11:10:20 ca-one-vault (datasafe): Alias : ca-one-vault-1 Identifier: V2qV3EsSaGiUUkIvQRmoZDk7Z48 NotBefore : 2017-12-19 11:09:29 NotAfter : 2018-12-19 11:09:29 === root ca === current root ca: Alias : root-1 Identifier: 7K3Go4IUtFb12i_ncTPlwmhuIyY NotBefore : 2017-12-19 10:32:54 NotAfter : 2106-02-07 06:28:15 Kind regards, MarkusOn 30. Dec 2017, at 21:35, Oliver Welter <m...@oliwel.de <mailto:m...@oliwel.de>> wrote:Hi Markus,there is two times "utf8" in message: "en_US.utf8.UTF-8" - check the settings in the webui.conf and the general debian settings for the locales, there seems to be something wrong.Oliver Am 30.12.2017 um 16:15 schrieb Markus Kastner via OpenXPKI-users:Dear Oliver,thank you for your very quick reply. I’ve just checked out your suggestions but so far I wasn’t lucky… In order for you to maybe help me further I’ve attached the log file data. From what I can gather the webui still has a problem with the locals. Unfortunately I don’t know whats going wrong here, as locale -a | grep en_US replies with en_US.utf8.* openxpkictl status o OpenXPKI Server is running and accepting requests. * webui.log: o 2017/12/25 18:17:46 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/25 18:21:29 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/25 18:21:33 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/25 18:24:03 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/25 18:24:05 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/26 09:15:14 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/26 09:15:15 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/26 09:28:58 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/26 09:29:00 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/26 09:32:11 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/26 09:32:13 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/26 09:47:41 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/26 09:47:43 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/26 09:47:45 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/26 09:47:49 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/26 09:47:51 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 2017/12/26 09:48:28 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 * error.log (apache2) o o </p> o [Sat Dec 30 14:49:33 2017] webui.fcgi: I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8 o [Sat Dec 30 14:49:33.075061 2017] [fcgid:warn] [pid 16225] (104)Connection reset by peer: [client xxx.xxx.xxx.22:1249] mod_fcgid: error reading data from FastCGI server, referer: http://xxx.xxx.xxx.76/openxpki/ o [Sat Dec 30 14:49:33.075154 2017] [core:error] [pid 16225] [client xxx.xxx.xxx.22:1249] End of script output before headers: webui.fcgi, referer: http://xxx.xxx.xxx.76/openxpki/ * locale -a | grep en_US o en_US o en_US.iso885915 o en_US.utf8 Kind regard, MarkusOn 30. Dec 2017, at 17:44, Oliver Welter <m...@oliwel.de <mailto:m...@oliwel.de> <mailto:m...@oliwel.de>> wrote:------------------------------------------------------------------------------OliverCheck out the vibrant tech community on one of the world's mostengaging tech sites, Slashdot.org <http://Slashdot.org>! http://sdm.link/slashdot_______________________________________________ OpenXPKI-users mailing listOpenXPKI-users@lists.sourceforge.net <mailto:OpenXPKI-users@lists.sourceforge.net>https://lists.sourceforge.net/lists/listinfo/openxpki-users-- Protect your environment - close windows and adopt a penguin!------------------------------------------------------------------------------Check out the vibrant tech community on one of the world's mostengaging tech sites, Slashdot.org <http://Slashdot.org>! http://sdm.link/slashdot_______________________________________________ OpenXPKI-users mailing listOpenXPKI-users@lists.sourceforge.net <mailto:OpenXPKI-users@lists.sourceforge.net>https://lists.sourceforge.net/lists/listinfo/openxpki-users------------------------------------------------------------------------------Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot _______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
-- Protect your environment - close windows and adopt a penguin!
smime.p7s
Description: S/MIME Cryptographic Signature
------------------------------------------------------------------------------ Check out the vibrant tech community on one of the world's most engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
