Hello Mark,

On 05.08.20 at 13:32, Mark Robson wrote:

> “Starting with release 3.6 the default config uses the database to store
> the issuing ca and SCEP tokens - if you upgrade from an older config
> version check the new settings in systems/crypto.yaml.”

> This states that in 3.6 the certs are stored in the database, but when
> you run import root CA it fails. This kind of makes sense because you
> have it in the DB, where I’m guessing it is supposed to go.

The certs have ALWAYS been in the database, the news is that the KEYs
are now also loaded into the database and you don't need to place them
onto the filesystem any longer. This is only relevant if you upgrade the
config, if you have a running config and update the code only, the keys
will stay in the filesystem.

So some more diagnostic info is appreciated - note, v3.6.0 had a bug in
the openxpkiadm import, so make sure you have 3.6.1 installed!

> However when you then do openxpkictl start the server starts but you
> can’t load the web ui.

I must admit you are right - the new config references
"/etc/openxpki/tls/chain" as chain directory for TLS Client auth and
unfortunately apache is a bit picky and crashes if this path does not
exist and have at least one certificate in it. The sampleconfig.sh
creates this but the package itself does not :(

> Instead if you try and restart apache, you get to see an error in the
> journal, which complains about a tls directory being missing,
> (/etc/openxpki/tls/) and therefore fails.  

Expected fix: Create /etc/openxpki/tls/chain/, place your root
certificate in it and run "c_rehash /etc/openxpki/tls/chain/"

Oli
-- 
Protect your environment -  close windows and adopt a penguin!
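
A pre-flight check for the chain directory described in the message above, as an added example that is not part of the original message or of OpenXPKI. The function name `check_chain_dir`, its return codes and the `--check` switch are assumptions made here; it only inspects the directory and does not call openssl or validate the certificate.

```shell
#!/bin/sh
# Added example: pre-flight check for the TLS client-auth chain directory.
# check_chain_dir and its return codes are names chosen for this sketch.
#
# check_chain_dir DIR returns:
#   0 = usable, 1 = directory missing, 2 = no PEM certificate in it,
#   3 = certificate present but no c_rehash hash links (<8 hex>.<n>)
check_chain_dir() {
    chain=$1
    [ -d "$chain" ] || return 1
    certs=0
    links=0
    for f in "$chain"/*; do
        [ -e "$f" ] || continue          # empty directory or dangling link
        name=${f##*/}
        if [ -L "$f" ]; then
            case $name in
                [0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f][0-9a-f].[0-9]*)
                    links=$((links + 1)) ;;
            esac
            continue
        fi
        if [ -f "$f" ] && grep -q -e '-----BEGIN CERTIFICATE-----' "$f"; then
            certs=$((certs + 1))
        fi
    done
    [ "$certs" -gt 0 ] || return 2
    [ "$links" -gt 0 ] || return 3
    return 0
}

# Usage: sh check_chain.sh --check [DIR]   (default: path from the message)
if [ "${1:-}" = "--check" ]; then
    target=${2:-/etc/openxpki/tls/chain}
    rc=0
    check_chain_dir "$target" || rc=$?
    case $rc in
        0) echo "OK: $target has a certificate and hash links" ;;
        1) echo "FAIL: $target is missing; create it" ;;
        2) echo "FAIL: no PEM certificate in $target; copy the root certificate there" ;;
        3) echo "FAIL: no hash links in $target; run c_rehash $target" ;;
    esac
    exit "$rc"
fi
```

Running it before restarting apache separates the three states the message describes (directory missing, directory empty, certificate present but not rehashed).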

