Hi there
I'm getting the following SQL error when attempting to import the data vault,
is this config related?
71 Query SELECT certificate.data, certificate.subject,
certificate.identifier, certificate.notbefore, certificate.notafter,
certificate.subject_key_identifier FROM certificate INNER JOIN aliases ON (
certificate.identifier = aliases.identifier ) WHERE ( ( aliases.alias =
'vault-1' AND aliases.pki_realm = 'democa' ) )
71 Query ROLLBACK
I have this working with 3.6.1, but the debian packages are masked in the repo.
is there a way I can unmask that version as I've validated it. I'm doing a
whole new validation that wasn't intended.
root@CA-ITOPS-CA-01:~# openxpkiadm version
Version (core): 3.8.1
root@CA-ITOPS-CA-01:~# ls -la /etc/openxpki/config.d/realm/
total 8
drwxrwxr-x 2 openxpki root 4096 Nov 28 14:37 .
drwxr-x--- 5 openxpki root 4096 Apr 16 2020 ..
lrwxrwxrwx 1 openxpki root 13 Nov 26 11:52 ITOps -> ../realm.tpl/
root@CA-ITOPS-CA-01:~# grep -rl democa /etc/openxpki/
/etc/openxpki/webui/default.conf
/etc/openxpki/config.d/realm.tpl/auth/handler.yaml
/etc/openxpki/soap/default.conf
/etc/openxpki/est/default.conf
/etc/openxpki/QUICKSTART.md
/etc/openxpki/ca/README.md
/etc/openxpki/rpc/enroll.conf
/etc/openxpki/rpc/public.conf
/etc/openxpki/rpc/default.conf
/etc/openxpki/scep/default.conf
import code
root@CA-ITOPS-CA-01:~# cat loadcerts.sh
#!/bin/bash
BASE='/etc/openxpki';
OPENXPKI_CONFIG="${BASE}/config.d/system/server.yaml"
REALM='ITOps'
.... [rest of sampleconfig.sh forked init]
openxpkiadm certificate import --file "${ROOT_CA_CERTIFICATE}"
openxpkiadm certificate import --file "${ISSUING_CA_CERTIFICATE}" --realm
"${REALM}"
#Datavault and SCEP Issued under SubCA
openxpkiadm certificate import --file "${DATAVAULT_CERTIFICATE}" --realm
"${REALM}" --token datasafe --key ${DATAVAULT_KEY}
sleep 1;
#link key to cert
openxpkiadm alias --realm "${REALM}" --token certsign --file
"${ISSUING_CA_CERTIFICATE}" --key ${ISSUING_CA_KEY}
#sleep 1;
openxpkiadm certificate import --file "${SCEP_CERTIFICATE}" --realm "${REALM}"
--token scep --key ${SCEP_KEY}
SQL Output
70 Query INSERT INTO aliases (group_id, notafter, pki_realm, identifier,
generation, alias, notbefore) VALUES ('vault', '1922315858', 'ITOps',
'VY9D0BFJ9gh2Zg5PHtEGIK4V6yM', '1', 'vault-1', '1606523858') ON DUPLICATE KEY
UPDATE notbefore='1606523858', alias='vault-1',
identifier='VY9D0BFJ9gh2Zg5PHtEGIK4V6yM', generation='1', pki_realm='ITOps',
notafter='1922315858', group_id='vault'
71 Connect [email protected] as anonymous on
openxpki_itops
71 Query SET autocommit=0
71 Query SET SESSION TRANSACTION ISOLATION LEVEL READ COMMITTED
71 Query INSERT INTO backend_session (session_id, created,
ip_address, data, modified) VALUES ('+J+9pX8lSoeb3eYHtvhRlg==', '1606596607',
NULL, 'JSON:{\"status\":\"SESSION_ID_SENT\",\"is_valid\":0}', '1606596607') ON
DUPLICATE KEY UPDATE modified='1606596607',
data='JSON:{\"status\":\"SESSION_ID_SENT\",\"is_valid\":0}', ip_address=NULL
71 Query COMMIT
71 Query INSERT INTO backend_session (session_id, created,
ip_address, data, modified) VALUES ('+J+9pX8lSoeb3eYHtvhRlg==', '1606596607',
NULL,
'JSON:{\"is_valid\":0,\"pki_realm\":\"democa\",\"status\":\"WAITING_FOR_AUTHENTICATION_STACK\"}',
'1606596607') ON DUPLICATE KEY UPDATE
data='JSON:{\"is_valid\":0,\"pki_realm\":\"democa\",\"status\":\"WAITING_FOR_AUTHENTICATION_STACK\"}',
modified='1606596607', ip_address=NULL
71 Query COMMIT
71 Query INSERT INTO backend_session (session_id, created,
ip_address, data, modified) VALUES ('+J+9pX8lSoeb3eYHtvhRlg==', '1606596607',
NULL,
'JSON:{\"authentication_stack\":\"_System\",\"role\":\"System\",\"user\":\"anonymous\",\"is_valid\":\"1\",\"status\":\"MAIN_LOOP\",\"pki_realm\":\"democa\",\"userinfo\":{\"realname\":\"I18N_OPENXPKI_UI_USER_ANONYMOUS\"}}',
'1606596607') ON DUPLICATE KEY UPDATE
data='JSON:{\"authentication_stack\":\"_System\",\"role\":\"System\",\"user\":\"anonymous\",\"is_valid\":\"1\",\"status\":\"MAIN_LOOP\",\"pki_realm\":\"democa\",\"userinfo\":{\"realname\":\"I18N_OPENXPKI_UI_USER_ANONYMOUS\"}}',
modified='1606596607', ip_address=NULL
71 Query COMMIT
71 Query SELECT certificate.data, certificate.subject,
certificate.identifier, certificate.notbefore, certificate.notafter,
certificate.subject_key_identifier FROM certificate INNER JOIN aliases ON (
certificate.identifier = aliases.identifier ) WHERE ( ( aliases.alias =
'vault-1' AND aliases.pki_realm = 'democa' ) )
71 Query ROLLBACK
69 Quit
70 Quit
71 Query ROLLBACK
Output
Starting import
Successfully imported certificate into database:
Subject: CN=ITOps Intermediate Linux CA,OU=PKI,O=,C=CA
Issuer: CN= Root CA
Identifier: 2WU6_r562Vm_OfA7pZ9WqhllWNs
Realm: ITOps
Starting import
Successfully imported certificate into database:
Subject: CN=ITOps LinuxCA Internal DataVault
Issuer: CN=ITOps Intermediate Linux CA,OU=PKI,O=,C=CA
Identifier: VY9D0BFJ9gh2Zg5PHtEGIK4V6yM
Realm: ITOps
Deprecated - please use openxpkiadm alias with --file option instead
2020/11/28 15:50:07 I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED
Error running command:
I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED at
/usr/share/perl5/OpenXPKI/Client/Simple.pm line 352.
2020/11/28 15:50:11 I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED
Error running command:
I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED at
/usr/share/perl5/OpenXPKI/Client/Simple.pm line 352.
Starting import
Successfully imported certificate into database:
Subject: CN=lxscep.itops.pki..net:scep-ra
Issuer: CN=ITOps Intermediate Linux CA,OU=PKI,O=,C=CA
Identifier: gVKPQRjnjqFvi1t-vBnoU3alKUM
Realm: ITOps
Deprecated - please use openxpkiadm alias with --file option instead
2020/11/28 15:50:13 I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED
Error running command:
I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED at
/usr/share/perl5/OpenXPKI/Client/Simple.pm line 352.
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
