Hello Oliver,

as it is still in test/development I have decided to dump the database and start over. I also have started to do some changes on the PSQL schema but this will be another thread as I have some questions :)

I have used the same certificates/tokens and it is working now. I'm not sure what it was. Maybe I have forgotten a step but I'm sure I have imported the certificate and have set the alias with the openxpkiadm tool. Permissions on the certificate and keys were set correctly and I have set every key in the crypto.yaml file. The token was also online.

Best regards
Andreas Krieger

-----Original Message-----
From: Oliver Welter [mailto:m...@oliwel.de]
Sent: Thursday, 11 January 2018 08:52
To: Markus Kastner via OpenXPKI-users
Subject: Re: [OpenXPKI-users] Problem with datasafe token

Hello Markus,

in future please start a new mail thread with a "useful" subject line for each problem - this will become a bit hard to track otherwise....

This looks very similar to the problem that Andreas reported last week. @Andreas - did you find a cause/solution?

First, at the system status page you see after login, is the "datasafe" token shown as "ONLINE"?

What operating system are you using? What is the version of openssl (openssl version)?

Can you check if the key blobs in your database look "good". In table datapool, namespace sys.datapool.keys the values should start with "----BEGIN PKCS7-----" and end with "-----END PKCS7-----".

Oliver

On 09.01.2018 at 15:27, Markus Kastner via OpenXPKI-users wrote:
> Dear Oliver,
>
> thank you so much for your help! I was able to get the UI up and
> running. Unfortunately I ran into trouble again. I'm seemingly not
> able to issue any certificates using the Infrastructure.
> The error I get on the openxpki.log is the following:
>
> 2018/01/09 14:48:20 ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_STATUS__ => 512 [pid=17724|sid=D9nz|wftype=certificate_signing_request_v2|wfid=3583]
> 2018/01/09 14:48:20 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_decrypt; __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __EXIT_ST$
> 2018/01/09 14:48:20 ERROR I18N_OPENXPKI_SERVER_API_OBJECT_GET_DATA_POOL_ENTRY_ENCRYPTION_KEY_UNAVAILABLE; __SAFE_ID__ => ca-one-vault-1; __NAMESPACE__ => sys.datapool.keys; __PKI_REALM__ => ca-one; __KEY$
> 2018/01/09 14:48:21 ERROR Caught exception from action: I18N_OPENXPKI_SERVER_API_OBJECT_GET_DATA_POOL_ENTRY_ENCRYPTION_KEY_UNAVAILABLE; __KEY__ => Dnw0IuvDKxE30ko9Gb1I8BQ5j80; __SAFE_ID__ => ca-one-vault$
> 2018/01/09 14:48:21 ERROR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => csr_persist_key_password; __ERROR__ => I18N_OPENXPKI_SERVER_API_OBJECT_GET_DATA_POOL_ENTRY_ENCRYPTION_KEY_UNAVAILAB$
> 2018/01/09 14:48:21 ERROR Error executing workflow activity 'csr_retype_server_password' on workflow id 3583 (type certificate_signing_request_v2): I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ERROR$
> 2018/01/09 14:48:21 ERROR I18N_OPENXPKI_SERVER_API_WORKFLOW_GET_WORKFLOW_INFO_NO_WORKFLOW_GIVEN; __ARGS__ => HASH(0x724a2f0) [pid=17724|sid=D9nz]
>
> After reading the error log several times I conclude that there seems
> to be a key missing
> (I18N_OPENXPKI_SERVER_API_OBJECT_GET_DATA_POOL_ENTRY_ENCRYPTION_KEY_UNAVAILABLE)
> however I’m not able to figure out which one it is… Do you
> have any suggestions for me?
>
> Just as additional information the .pem files are in
> /etc/openxpki/ssl/ca-one/ order and running openxpkiadm alias --realm
> ca-one returns:
>
> === functional token ===
> ca-one-signer (certsign):
> Alias     : ca-one-signer-1
> Identifier: eU3VSWoYdMwPAJZN23W6EcFRhlw
> NotBefore : 2017-12-19 11:00:59
> NotAfter  : 2018-12-19 11:00:59
>
> ca-one-scep (scep):
> Alias     : ca-one-scep-1
> Identifier: wOTSHqJV558ALdTfPnNuZubjYFw
> NotBefore : 2017-12-19 11:10:20
> NotAfter  : 2018-12-19 11:10:20
>
> ca-one-vault (datasafe):
> Alias     : ca-one-vault-1
> Identifier: V2qV3EsSaGiUUkIvQRmoZDk7Z48
> NotBefore : 2017-12-19 11:09:29
> NotAfter  : 2018-12-19 11:09:29
>
> === root ca ===
> current root ca:
> Alias     : root-1
> Identifier: 7K3Go4IUtFb12i_ncTPlwmhuIyY
> NotBefore : 2017-12-19 10:32:54
> NotAfter  : 2106-02-07 06:28:15
>
>
> Kind regards,
> Markus
>
>
>> On 30. Dec 2017, at 21:35, Oliver Welter <m...@oliwel.de> wrote:
>>
>> Hi Markus,
>>
>> there is two times "utf8" in message: "en_US.utf8.UTF-8" - check the
>> settings in the webui.conf and the general debian settings for the
>> locales, there seems to be something wrong.
>>
>> Oliver
>>
>> On 30.12.2017 at 16:15, Markus Kastner via OpenXPKI-users wrote:
>>> Dear Oliver,
>>> thank you for your very quick reply. I’ve just checked out your
>>> suggestions but so far I wasn’t lucky… In order for you to maybe
>>> help me further I’ve attached the log file data. From what I can
>>> gather the webui still has a problem with the locales. Unfortunately
>>> I don’t know what's going wrong here, as locale -a | grep en_US
>>> replies with en_US.utf8.
>>> * openxpkictl status
>>>   o OpenXPKI Server is running and accepting requests.
>>> * webui.log:
>>>   o 2017/12/25 18:17:46 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/25 18:21:29 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/25 18:21:33 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/25 18:24:03 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/25 18:24:05 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/26 09:15:14 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/26 09:15:15 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/26 09:28:58 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/26 09:29:00 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/26 09:32:11 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/26 09:32:13 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/26 09:47:41 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/26 09:47:43 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/26 09:47:45 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/26 09:47:49 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/26 09:47:51 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>     2017/12/26 09:48:28 I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>> * error.log (apache2)
>>>   o [Sat Dec 30 14:49:33 2017] webui.fcgi: I18N_OPENXPKI_I18N_SETLOCALE_LC_MESSAGES_FAILED; __LOCALE__ => en_US.utf8.UTF-8
>>>   o [Sat Dec 30 14:49:33.075061 2017] [fcgid:warn] [pid 16225] (104)Connection reset by peer: [client xxx.xxx.xxx.22:1249] mod_fcgid: error reading data from FastCGI server, referer: http://xxx.xxx.xxx.76/openxpki/
>>>   o [Sat Dec 30 14:49:33.075154 2017] [core:error] [pid 16225] [client xxx.xxx.xxx.22:1249] End of script output before headers: webui.fcgi, referer: http://xxx.xxx.xxx.76/openxpki/
>>> * locale -a | grep en_US
>>>   o en_US
>>>   o en_US.iso885915
>>>   o en_US.utf8
>>> Kind regards,
>>> Markus
>>>> On 30. Dec 2017, at 17:44, Oliver Welter <m...@oliwel.de> wrote:
>>>>
>>>> Oliver
>>> ------------------------------------------------------------------------------
>>> Check out the vibrant tech community on one of the world's most
>>> engaging tech sites, Slashdot.org! http://sdm.link/slashdot
>>> _______________________________________________
>>> OpenXPKI-users mailing list
>>> OpenXPKI-users@lists.sourceforge.net
>>> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>>
>>
>> --
>> Protect your environment - close windows and adopt a penguin!
>

--
Protect your environment - close windows and adopt a penguin!
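
Added example, not part of the thread and not OpenXPKI code: one way to run the key-blob check Oliver describes over values exported from table datapool, namespace sys.datapool.keys. It goes one step beyond the armor test by also decoding the body and comparing the outer DER length with the decoded size, which catches blobs cut off in the middle. The sample rows are constructed, the column names datapool_key and datapool_value are assumptions, and the armor strings use the standard five-dash PEM form.

```python
import base64
import binascii

BEGIN, END = "-----BEGIN PKCS7-----", "-----END PKCS7-----"  # standard PEM armor

def declared_length(der):
    """Total size the outer DER header declares; None for BER indefinite length."""
    first = der[1]
    if first < 0x80:                      # short form: length fits in one octet
        return 2 + first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0:
        return None                       # indefinite length, cannot be compared
    if len(der) < 2 + n:
        return -1                         # header itself is cut off
    return 2 + n + int.from_bytes(der[2:2 + n], "big")

def check_key_blob(value):
    """Return 'ok' or a short reason why a datapool value looks damaged."""
    text = (value or "").strip()
    if not text:
        return "empty"
    if not text.startswith(BEGIN):
        return "missing BEGIN armor"
    if not text.endswith(END):
        return "missing END armor"
    body = "".join(text[len(BEGIN):-len(END)].split())
    try:
        der = base64.b64decode(body, validate=True)
    except (binascii.Error, ValueError):
        return "body is not valid base64"
    if len(der) < 2 or der[0] != 0x30:    # PKCS#7 ContentInfo is a SEQUENCE
        return "not a DER SEQUENCE"
    declared = declared_length(der)
    if declared is not None and declared != len(der):
        return "DER length mismatch"
    return "ok"

def audit(rows):
    """rows: (datapool_key, datapool_value) pairs (assumed names); {key: reason} for bad blobs."""
    return {k: r for k, v in rows if (r := check_key_blob(v)) != "ok"}

def armor(der):                           # helper used only to build the samples below
    return BEGIN + "\n" + base64.b64encode(der).decode() + "\n" + END

_DER = b"\x30\x28" + bytes(40)            # constructed stand-in, not a real key blob
SAMPLE_ROWS = [("sample-good", armor(_DER)), ("sample-cut", armor(_DER)[:40]),
               ("sample-short", armor(_DER[:-3])), ("sample-empty", "")]
```

A blob that passes is only structurally intact; whether the datasafe token can decrypt it is a separate question.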