Hi Rolf, > When installing Openxpki on debian 10 through the quick start section on the > readthedocs, i am able to execute all of the steps in the quickstart. > However, when i start the server with openxpkiadm start, and i access the > webgui i am asked for a client certificate (which i dont have). > Also, when i remove the x509 authentication mechanism, i am still unable to > access the webgui. > > Looking at the apache2 configuration, it points to /var/www instead of > /var/www/openxpki. > I changed the document root for the apache2 installation to > /var/www/openxpki, but now it stays at: "OpenXPKI is loading ... " and it > does not continue.
The SSL Client Certificate verification in contrib/apache2-openxpki-site.conf from the openxpki-config repository is optional. It normally is ignored by your browser unless you have a TLS Client authentication certificate available in your browser (which seems to be the case for you). In this case, your browser offers you the choice to present the client cert to the server. You can decline to do so or use the certificate you already have, it should have no impact, since the OpenXPKI backend is by default not configured to check this. To avoid the confusion, set SSLVerifyClient to "none" and you should be good. The default configuration also exposes the frontend at /openxpki relative to the base URL, so please keep the document root at /var/www. You should call https://yourserver/openxpki to open the web interface. Hope this helps, Martin _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
