Hi Oliver,

Thanks for your prompt reply. I did not change the passwords, this is just a
spike to try to get a demo setup running to get a feel on how OpenXPKI
works.

I got it working another way (see my previous response to myself).
Basically since the modulus of the keys didn't match any key generated from
the script I assumed the /etc/openxpki/ca/vault-1.pem was garbage.

So this is what I did (*maybe it's wrong, please comment if so!*) but it
worked.

(from /etc/openxpki/ca/democa)

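# keep the stale token key out of the way
mv ../vault-1.pem ../vault-1.bad
# write the DataVault key without its passphrase as the new token key
openssl rsa -in ./OpenXPKI_DataVault.key -out ../vault-1.pem
# replace the copy at /etc/openxpki/local/keys/vault-1.pem (the key_name path)
rm -f ../../local/keys/vault-1.pem
cp ../vault-1.pem ../../local/keys/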

To verify:
openxpkicli reload
openxpkicli  get_token_info --arg alias=vault-1

Pardon the newbiness and comments welcome!

Thanks again,
Alex


On Fri, Feb 12, 2021 at 9:45 AM Oliver Welter <m...@oliwel.de> wrote:

> Hi,
>
> did you change the passwords in the sample script? If the answer is yes,
> you need to change the password also in system/crypto.yaml.
>
> Oliver
>
> On 12.02.21 at 15:30, Alejandro Imass wrote:
>
> More information, in case anyone cares to pitch in, or for future people
> having the same problem:
>
> The key that was left in /etc/openxpki/ca/vault-1.pem (not sure who or
> what generated this file) does not match any key generated by
> the sampleconfig.sh script:
>
> root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in ../vault-1.pem -noout -modulus | openssl sha1
> (stdin)= 488672da98c4e16de8b5a7d6b83180ddfe1893ce
> root@04908b0d71e6:/etc/openxpki/ca/democa# ls *.key
> OpenXPKI_DataVault.key  OpenXPKI_Issuing_CA.key  OpenXPKI_Root_CA.key  OpenXPKI_SCEP_RA.key  OpenXPKI_WebUI.key
> root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in OpenXPKI_DataVault.key -noout -modulus | openssl sha1
> Enter pass phrase for OpenXPKI_DataVault.key:
> (stdin)= 189adabc716b033098f487e17139484baf52d532
> root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in OpenXPKI_Issuing_CA.key -noout -modulus | openssl sha1
> Enter pass phrase for OpenXPKI_Issuing_CA.key:
> (stdin)= f095fe95f3b344b33d4f3c6222eb2c9df9ab0f0d
> root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in OpenXPKI_Root_CA.key -noout -modulus | openssl sha1
> Enter pass phrase for OpenXPKI_Root_CA.key:
> (stdin)= b40858d0e29a15fdb43942b1231143e7224660f7
> root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in OpenXPKI_SCEP_RA.key -noout -modulus | openssl sha1
> Enter pass phrase for OpenXPKI_SCEP_RA.key:
> (stdin)= 2a25200f762ba7cb3a92784a49b03f4fc257360e
> root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in OpenXPKI_WebUI.key -noout -modulus | openssl sha1
> Enter pass phrase for OpenXPKI_WebUI.key:
> (stdin)= 332693338aa237c2337489eaf12c08a90cc4a235
>
>
> On Thu, Feb 11, 2021 at 7:26 PM Alejandro Imass <aim...@yabarana.com>
> wrote:
>
>> Hi there,
>>
>> I'm guessing this has been asked a million times and I searched the
>> archives to no avail. I've looked at all the permissions and everything
>> seems fine, and the key never becomes usable. I've RTFMd but I followed
>> everything on the manual.
>>
>> This test install was done with Docker. Everything set up fine. Then I
>> ran sampleconfig.sh and all the certificates were created and loaded as
>> expected.
>>
>> One thing I did notice. /etc/openxpki/local/keys/vault-1.pem did not
>> exist, but the pem was in fact in the ca directory, so I created
>> the /etc/openxpki/local/keys path all 0600 and copied the key from the ca
>> directory to there with 0440. I also tried 0400. Nothing seems to work, but
>> everything looks good. Any ideas? Any other info I can provide for your
>> kind help?
>>
>> Thanks!
>> Alex
>>
>> openxpkicli version
>> {
>>    "config" : {
>>       "api" : "3.6",
>>       "commit" : null,
>>       "config" : "3.6"
>>    },
>>    "server" : {
>>       "api" : 2,
>>       "version" : "3.8.1"
>>    }
>> }
>>
>>
>> openxpkicli  get_token_info --arg alias=vault-1
>> {
>>    "key_name" : "/etc/openxpki/local/keys/vault-1.pem",
>>    "key_secret" : 1,
>>    "key_store" : "OPENXPKI",
>>    "key_usable" : 0
>> }
>>
>>
>>
>
> _______________________________________________
> OpenXPKI-users mailing list
> OpenXPKI-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
>
> --
> Protect your environment -  close windows and adopt a penguin!
>
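
The modulus comparison from this thread as a non-interactive check, written as an added example (not code from the thread or from the OpenXPKI project): it reports which candidate key files hold the same RSA key as a token file. It hashes with SHA-256 instead of the SHA-1 used above; the function names and arguments are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread. File names and the passphrase source
# are assumptions supplied by the caller.

# key_fingerprint FILE [PASSIN]
# Print the SHA-256 of the RSA modulus of FILE. PASSIN is an openssl
# pass-phrase source such as file:/path or env:VAR; the default "pass:"
# (empty passphrase) makes an encrypted key fail instead of prompting.
key_fingerprint() {
    kf_mod=$(openssl rsa -in "$1" -passin "${2:-pass:}" -noout -modulus 2>/dev/null) || return 1
    # Never hash an empty string: two unreadable keys would "match".
    [ -n "$kf_mod" ] || return 1
    printf '%s\n' "$kf_mod" | openssl dgst -sha256 -r | cut -d' ' -f1
}

# find_matching_key TOKEN PASSIN CANDIDATE...
# Print every CANDIDATE holding the same key as TOKEN.
# Returns 0 if at least one matched, 1 if none, 2 if TOKEN is unreadable.
find_matching_key() {
    fm_token=$1; fm_passin=$2; shift 2
    fm_want=$(key_fingerprint "$fm_token" "$fm_passin") || {
        echo "cannot read $fm_token" >&2
        return 2
    }
    fm_rc=1
    for fm_cand in "$@"; do
        if ! fm_got=$(key_fingerprint "$fm_cand" "$fm_passin"); then
            echo "skipped (unreadable or wrong passphrase): $fm_cand" >&2
            continue
        fi
        if [ "$fm_got" = "$fm_want" ]; then
            echo "$fm_cand"
            fm_rc=0
        fi
    done
    return "$fm_rc"
}

# Usage: script TOKEN PASSIN CANDIDATE...
if [ "$#" -ge 3 ]; then
    find_matching_key "$@"
fi
```

An exit status of 1 corresponds to the situation in this thread, where the token file matched none of the generated keys.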
