Hello all,

I have just set up a new openxpki test environment using certificates already existing on another (not connected / reachable) openxpki test environment. Unfortunately the web interface system status shows me that ca-signer-1 (certsign) and vault-1 (datasafe) are both offline. Additionally I see the message "CRL expired - update required!!" (which I think is a follow-on error of the previous two tokens being offline).
I have checked the forum and found that this is mostly caused by:

1. invalid key password within crypto.yaml
2. invalid permissions to .crt / .key files

So I checked both and found that 1. is correct. With 2. I am not exactly sure what the correct permissions are. Maybe someone can help me with this? (See my current permissions below.)

My system is:

OS: Debian Jessie 8.11
openxpki system version: 2.5.5
openxpki package: debian-2.4
openxpki config: 2.4
openxpki commit: 0abcde

Currently permissions are set as follows:

root@openxpki-000001:~# ls -la /etc/openxpki/ssl/example-corp/
total 116
drwxr-x--- 3 openxpki root 4096 Aug 16 10:18 .
drwxr-x--- 3 openxpki root 4096 Aug 16 10:13 ..
-rwxr-x--- 1 openxpki root 2037 Aug 16 10:13 example-corp_2019-04_DataVault.crt
-rwxr-x--- 1 openxpki root 3394 Aug 16 10:13 example-corp_2019-04_DataVault.key
-rwxr-x--- 1 openxpki root 8731 Aug 16 10:13 example-corp_2019-04_Issuing-CA.crt
-rwxr-x--- 1 openxpki root 1773 Aug 16 10:13 example-corp_2019-04_Issuing-CA.csr
-rwxr-x--- 1 openxpki root 3406 Aug 16 10:13 example-corp_2019-04_Issuing-CA.key
-rwxr-x--- 1 openxpki root 2013 Aug 16 10:13 example-corp_2019-04_Root-CA.crt
-rwxr-x--- 1 openxpki root 3394 Aug 16 10:13 example-corp_2019-04_Root-CA.key
-rwxr-x--- 1 openxpki root 6847 Aug 16 10:13 example-corp_2019-04_Scep-RA.crt
-rwxr-x--- 1 openxpki root 1752 Aug 16 10:13 example-corp_2019-04_Scep-RA.csr
-rwxr-x--- 1 openxpki root 3394 Aug 16 10:13 example-corp_2019-04_Scep-RA.key
-rwxr-x--- 1 openxpki root 8578 Aug 16 10:13 example-corp_2019-04_Web.crt
-rwxr-x--- 1 openxpki root 1744 Aug 16 10:13 example-corp_2019-04_Web.csr
-rwxr-x--- 1 openxpki root 3394 Aug 16 10:13 example-corp_2019-04_Web.key
lrwxrwxrwx 1 root root 63 Aug 16 10:18 example-corp-scep-1.pem -> /etc/openxpki/ssl/example-corp/example-corp_2019-04_Scep-RA.key
lrwxrwxrwx 1 root root 66 Aug 16 10:18 example-corp-signer-1.pem -> /etc/openxpki/ssl/example-corp/example-corp_2019-04_Issuing-CA.key
lrwxrwxrwx 1 root root 65 Aug 16 10:18 example-corp-vault-1.pem -> /etc/openxpki/ssl/example-corp/example-corp_2019-04_DataVault.key
drwxr-x--- 2 openxpki root 4096 Aug 16 10:13 .openssl

root@openxpki-000001:~# ls -la /etc/openxpki/config.d/realm/example-corp/crypto.yaml
-r-------- 1 openxpki root 1553 Aug 16 15:52 /etc/openxpki/config.d/realm/example-corp/crypto.yaml

Thanks for any help.

Kind Regards
Martin
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
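
Added example, not part of the original post and not OpenXPKI's own code: a shell function that checks the file side of a token key for one alias, reporting whether the key file exists, whether its symlink resolves, and whether it is owned and readable by the service account. It assumes the key is looked up as DIR/ALIAS.pem (hypothetical here; the real template is the key entry in crypto.yaml), that GNU stat is available, and the function name check_token_key is made up for this example.

```shell
#!/bin/sh
# Added example (not from the original post). Checks the key file behind one
# token alias. Assumptions: the key is looked up as DIR/ALIAS.pem (take the real
# template from the key entry of your crypto.yaml) and GNU stat is available.

# check_token_key DIR ALIAS UID
#   UID is the numeric uid of the service account, e.g. "$(id -u openxpki)".
#   Prints one line per finding, or "ok" when nothing was found.
check_token_key() {
    ck_path="$1/$2.pem"
    ck_uid=$3
    ck_ok=1

    if [ ! -e "$ck_path" ]; then
        if [ -L "$ck_path" ]; then
            echo "dangling-symlink: $ck_path"
        else
            echo "missing: $ck_path"
        fi
        return 0
    fi

    # -L follows the symlink, so owner and mode are those of the real key file.
    ck_owner=$(stat -L -c '%u' "$ck_path")
    ck_mode=$(stat -L -c '%a' "$ck_path")
    ck_bits=$((0$ck_mode))          # leading 0: parse the mode as octal

    if [ "$ck_owner" != "$ck_uid" ]; then
        echo "owner: $ck_path belongs to uid $ck_owner, expected $ck_uid"
        ck_ok=0
    elif [ $((ck_bits & 0400)) -eq 0 ]; then
        echo "unreadable: owner has no read bit on $ck_path (mode $ck_mode)"
        ck_ok=0
    fi
    if [ $((ck_bits & 0007)) -ne 0 ]; then
        echo "world-accessible: $ck_path has mode $ck_mode"
        ck_ok=0
    fi
    if [ "$ck_ok" -eq 1 ]; then
        echo "ok"
    fi
    return 0
}

# Usage with the directory and a token name from the post:
#   check_token_key /etc/openxpki/ssl/example-corp vault-1 "$(id -u openxpki)"
```

Run it once per token alias shown in the system status page; a "missing" result means no file exists under the name the assumed template produces for that alias.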
