More information, in case anyone cares to pitch in, or for future people having the same problem:
The key that was left in /etc/openxpki/ca/vault-1.pem (not sure who or what generated this file) does not match any key generated by the sampleconfig.sh script:

root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in ../vault-1.pem -noout -modulus | openssl sha1
(stdin)= *488672da98c4e16de8b5a7d6b83180ddfe1893ce*
root@04908b0d71e6:/etc/openxpki/ca/democa# ls *.key
OpenXPKI_DataVault.key OpenXPKI_Issuing_CA.key OpenXPKI_Root_CA.key OpenXPKI_SCEP_RA.key OpenXPKI_WebUI.key
root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in OpenXPKI_DataVault.key -noout -modulus | openssl sha1
Enter pass phrase for OpenXPKI_DataVault.key:
(stdin)= *189adabc716b033098f487e17139484baf52d532*
root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in OpenXPKI_Issuing_CA.key -noout -modulus | openssl sha1
Enter pass phrase for OpenXPKI_Issuing_CA.key:
(stdin)= *f095fe95f3b344b33d4f3c6222eb2c9df9ab0f0d*
root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in OpenXPKI_Root_CA.key -noout -modulus | openssl sha1
Enter pass phrase for OpenXPKI_Root_CA.key:
(stdin)= *b40858d0e29a15fdb43942b1231143e7224660f7*
root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in OpenXPKI_SCEP_RA.key -noout -modulus | openssl sha1
Enter pass phrase for OpenXPKI_SCEP_RA.key:
(stdin)= *2a25200f762ba7cb3a92784a49b03f4fc257360e*
root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in OpenXPKI_WebUI.key -noout -modulus | openssl sha1
Enter pass phrase for OpenXPKI_WebUI.key:
(stdin)= *332693338aa237c2337489eaf12c08a90cc4a235*

On Thu, Feb 11, 2021 at 7:26 PM Alejandro Imass <aim...@yabarana.com> wrote:

> Hi there,
>
> I'm guessing this has been asked a million times and I searched the
> archives to no avail. I've looked at all the permissions and everything
> seems fine, and the key never becomes usable. I've RTFMd but I followed
> everything on the manual.
>
> This test install was done with Docker. Everything set up fine. Then I
> ran sampleconfig.sh and all the certificates were created and loaded as
> expected.
>
> One thing I did notice. /etc/openxpki/local/keys/vault-1.pem did not
> exist, but the pem was in fact in the ca directory, so I created
> the /etc/openxpki/local/keys path all 0600 and copied the key from the ca
> directory to there with 0440. I also tried 0400. Nothing seems to work, but
> everything looks good. Any ideas? Any other info I can provide for your
> kind help?
>
> Thanks!
> Alex
>
> openxpkicli version
> {
>     "config" : {
>         "api" : "3.6",
>         "commit" : null,
>         "config" : "3.6"
>     },
>     "server" : {
>         "api" : 2,
>         "version" : "3.8.1"
>     }
> }
>
>
> openxpkicli get_token_info --arg alias=vault-1
> {
>     "key_name" : "/etc/openxpki/local/keys/vault-1.pem",
>     "key_secret" : 1,
>     "key_store" : "OPENXPKI",
>     "key_usable" : 0
> }
>
>
>
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
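
Added example (not part of the original message and not OpenXPKI code): the manual modulus comparison from the session above as a small script that reports which candidate key files carry the same RSA modulus as a reference key. The function names and the KEY_PASS environment variable are assumptions made for this example, and it fingerprints with SHA-256 instead of the sha1 used in the session.

```shell
#!/bin/sh
# Added example: find which key files share an RSA modulus with a reference
# key. KEY_PASS (assumed name) holds the passphrase for encrypted keys so
# openssl does not stop at an interactive prompt; it may be empty.
KEY_PASS=${KEY_PASS:-}
export KEY_PASS

# Print the SHA-256 digest of a key's modulus; fail if the file cannot be
# read as an RSA key (missing file, wrong passphrase, not a key).
modulus_digest() {
    mod=$(openssl rsa -in "$1" -noout -modulus -passin env:KEY_PASS \
          2>/dev/null </dev/null) || return 1
    printf '%s' "$mod" | openssl dgst -sha256 | awk '{print $NF}'
}

# find_matching_keys REF CANDIDATE...
# Prints each candidate whose modulus equals REF's.
# Returns 0 if any candidate matched, 1 if none did, 2 if REF is unreadable.
find_matching_keys() {
    ref=$1
    shift
    want=$(modulus_digest "$ref") || { echo "cannot read $ref" >&2; return 2; }
    found=1
    for cand in "$@"; do
        got=$(modulus_digest "$cand") || {
            echo "skipped (unreadable or wrong passphrase): $cand" >&2
            continue
        }
        if [ "$got" = "$want" ]; then
            echo "$cand"
            found=0
        fi
    done
    return "$found"
}

# Stand-alone use: sh script.sh /etc/openxpki/ca/vault-1.pem *.key
if [ "$#" -ge 2 ]; then
    find_matching_keys "$@"
fi
```

A return status of 1 with no "skipped" lines corresponds to the situation in the message: every candidate was readable and none shares the reference key's modulus.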