Hi,
this looks like your Datavault Token is (again) not operational.
Oliver
On 28.11.20 at 22:03, Steve Downey via OpenXPKI-users wrote:
> Hi there
>
> I'm getting the following SQL error when attempting to import the data vault,
> is this config related?
>
> 71 Query SELECT certificate.data, certificate.subject,
> certificate.identifier, certificate.notbefore, certificate.notafter,
> certificate.subject_key_identifier FROM certificate INNER JOIN aliases ON (
> certificate.identifier = aliases.identifier ) WHERE ( ( aliases.alias =
> 'vault-1' AND aliases.pki_realm = 'democa' ) )
> 71 Query ROLLBACK
>
> I have this working with 3.6.1, but the debian packages are masked in the
> repo. Is there a way I can unmask that version, as I've validated it? I'm
> doing a whole new validation that wasn't intended.
>
> root@CA-ITOPS-CA-01:~# openxpkiadm version
> Version (core): 3.8.1
>
> root@CA-ITOPS-CA-01:~# ls -la /etc/openxpki/config.d/realm/
> total 8
> drwxrwxr-x 2 openxpki root 4096 Nov 28 14:37 .
> drwxr-x--- 5 openxpki root 4096 Apr 16 2020 ..
> lrwxrwxrwx 1 openxpki root 13 Nov 26 11:52 ITOps -> ../realm.tpl/
>
> root@CA-ITOPS-CA-01:~# grep -rl democa /etc/openxpki/
> /etc/openxpki/webui/default.conf
> /etc/openxpki/config.d/realm.tpl/auth/handler.yaml
> /etc/openxpki/soap/default.conf
> /etc/openxpki/est/default.conf
> /etc/openxpki/QUICKSTART.md
> /etc/openxpki/ca/README.md
> /etc/openxpki/rpc/enroll.conf
> /etc/openxpki/rpc/public.conf
> /etc/openxpki/rpc/default.conf
> /etc/openxpki/scep/default.conf
>
> import code
>
> root@CA-ITOPS-CA-01:~# cat loadcerts.sh
> #!/bin/bash
> BASE='/etc/openxpki';
> OPENXPKI_CONFIG="${BASE}/config.d/system/server.yaml"
> REALM='ITOps'
>
> .... [rest of sampleconfig.sh forked init]
>
> openxpkiadm certificate import --file "${ROOT_CA_CERTIFICATE}"
> openxpkiadm certificate import --file "${ISSUING_CA_CERTIFICATE}" --realm "${REALM}"
> #Datavault and SCEP Issued under SubCA
> openxpkiadm certificate import --file "${DATAVAULT_CERTIFICATE}" --realm "${REALM}" --token datasafe --key ${DATAVAULT_KEY}
> sleep 1;
> #link key to cert
> openxpkiadm alias --realm "${REALM}" --token certsign --file "${ISSUING_CA_CERTIFICATE}" --key ${ISSUING_CA_KEY}
> #sleep 1;
> openxpkiadm certificate import --file "${SCEP_CERTIFICATE}" --realm "${REALM}" --token scep --key ${SCEP_KEY}
>
> SQL Output
>
> 70 Query INSERT INTO aliases (group_id, notafter, pki_realm, identifier,
> generation, alias, notbefore) VALUES ('vault', '1922315858', 'ITOps',
> 'VY9D0BFJ9gh2Zg5PHtEGIK4V6yM', '1', 'vault-1', '1606523858') ON DUPLICATE KEY
> UPDATE notbefore='1606523858', alias='vault-1',
> identifier='VY9D0BFJ9gh2Zg5PHtEGIK4V6yM', generation='1', pki_realm='ITOps',
> notafter='1922315858', group_id='vault'
> 71 Connect [email protected] as anonymous on
> openxpki_itops
> 71 Query SET autocommit=0
> 71 Query SET SESSION TRANSACTION ISOLATION LEVEL READ COMMITTED
> 71 Query INSERT INTO backend_session (session_id, created,
> ip_address, data, modified) VALUES ('+J+9pX8lSoeb3eYHtvhRlg==', '1606596607',
> NULL, 'JSON:{\"status\":\"SESSION_ID_SENT\",\"is_valid\":0}', '1606596607')
> ON DUPLICATE KEY UPDATE modified='1606596607',
> data='JSON:{\"status\":\"SESSION_ID_SENT\",\"is_valid\":0}', ip_address=NULL
> 71 Query COMMIT
> 71 Query INSERT INTO backend_session (session_id, created,
> ip_address, data, modified) VALUES ('+J+9pX8lSoeb3eYHtvhRlg==', '1606596607',
> NULL,
> 'JSON:{\"is_valid\":0,\"pki_realm\":\"democa\",\"status\":\"WAITING_FOR_AUTHENTICATION_STACK\"}',
> '1606596607') ON DUPLICATE KEY UPDATE
> data='JSON:{\"is_valid\":0,\"pki_realm\":\"democa\",\"status\":\"WAITING_FOR_AUTHENTICATION_STACK\"}',
> modified='1606596607', ip_address=NULL
> 71 Query COMMIT
> 71 Query INSERT INTO backend_session (session_id, created,
> ip_address, data, modified) VALUES ('+J+9pX8lSoeb3eYHtvhRlg==', '1606596607',
> NULL,
> 'JSON:{\"authentication_stack\":\"_System\",\"role\":\"System\",\"user\":\"anonymous\",\"is_valid\":\"1\",\"status\":\"MAIN_LOOP\",\"pki_realm\":\"democa\",\"userinfo\":{\"realname\":\"I18N_OPENXPKI_UI_USER_ANONYMOUS\"}}',
> '1606596607') ON DUPLICATE KEY UPDATE
> data='JSON:{\"authentication_stack\":\"_System\",\"role\":\"System\",\"user\":\"anonymous\",\"is_valid\":\"1\",\"status\":\"MAIN_LOOP\",\"pki_realm\":\"democa\",\"userinfo\":{\"realname\":\"I18N_OPENXPKI_UI_USER_ANONYMOUS\"}}',
> modified='1606596607', ip_address=NULL
> 71 Query COMMIT
> 71 Query SELECT certificate.data, certificate.subject,
> certificate.identifier, certificate.notbefore, certificate.notafter,
> certificate.subject_key_identifier FROM certificate INNER JOIN aliases ON (
> certificate.identifier = aliases.identifier ) WHERE ( ( aliases.alias =
> 'vault-1' AND aliases.pki_realm = 'democa' ) )
> 71 Query ROLLBACK
> 69 Quit
> 70 Quit
> 71 Query ROLLBACK
>
> Output
>
> Starting import
> Successfully imported certificate into database:
> Subject: CN=ITOps Intermediate Linux CA,OU=PKI,O=,C=CA
> Issuer: CN= Root CA
> Identifier: 2WU6_r562Vm_OfA7pZ9WqhllWNs
> Realm: ITOps
> Starting import
> Successfully imported certificate into database:
> Subject: CN=ITOps LinuxCA Internal DataVault
> Issuer: CN=ITOps Intermediate Linux CA,OU=PKI,O=,C=CA
> Identifier: VY9D0BFJ9gh2Zg5PHtEGIK4V6yM
> Realm: ITOps
> Deprecated - please use openxpkiadm alias with --file option instead
> 2020/11/28 15:50:07 I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED
> Error running command:
> I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED at
> /usr/share/perl5/OpenXPKI/Client/Simple.pm line 352.
> 2020/11/28 15:50:11 I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED
> Error running command:
> I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED at
> /usr/share/perl5/OpenXPKI/Client/Simple.pm line 352.
> Starting import
> Successfully imported certificate into database:
> Subject: CN=lxscep.itops.pki..net:scep-ra
> Issuer: CN=ITOps Intermediate Linux CA,OU=PKI,O=,C=CA
> Identifier: gVKPQRjnjqFvi1t-vBnoU3alKUM
> Realm: ITOps
> Deprecated - please use openxpkiadm alias with --file option instead
> 2020/11/28 15:50:13 I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED
> Error running command:
> I18N_OPENXPKI_CRYPTO_TOKENMANAGER_ADD_TOKEN_CREATE_FAILED at
> /usr/share/perl5/OpenXPKI/Client/Simple.pm line 352.
>
>
> _______________________________________________
> OpenXPKI-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!