Hello Dimitri,

It is probably easier than you think. You can use a self-signed certificate for these steps. Especially for a private/test environment. These are simple to generate using the openssl command on any *nix machine.

The process consists of generating a private key and CSR (Certificate Signing Request) and then signing the CSR to "create" your certificate. With a self-signed certificate, you perform the final step yourself (hence self-signed), instead of sending it off to a CA.

You can combine the generation of key, CSR and signing in one single openssl command:

# openssl req -x509 -newkey rsa:4096 -keyout private_key.pem -out certificate_file.crt -days 365

  rsa:4096 is keylength
  -keyout is file name of private key
  -out is filename of certificate
  -days is certificate validity time

You may specify -nodes if you do not want to be bothered with entering passwords when accessing/using the private key.

For more information a simple internet query for "openssl self signed" will yield more examples and information than one can read in a lifetime.

Good luck,

- Jan

-----Original Message-----
From: Dimitri TIMOCHENKO via OpenXPKI-users <openxpki-users@lists.sourceforge.net>
Sent: Monday 26 April 2021 13:32
To: openxpki-users@lists.sourceforge.net
Cc: Dimitri TIMOCHENKO <dimitri.timoche...@laposte.net>; 'Martin Bartosch' <vc-...@cynops.de>
Subject: Re: [OpenXPKI-users] Cannot install. Where to obtain DataVault Key and DataVault certificate?

Hello,

Yes, I got it right that I should not use the sampleconfig.
The problem is that while the OpenXPKI server is not yet operational (installation not yet finished), the documentation still misses these 2 critical steps.

You have proposed me to
> Refer to
> https://openxpki.readthedocs.io/en/latest/quickstart.html#create-datavault-token

This section says:

Create DataVault Token
The DataVault is a self-signed certificate using an RSA key, see #2 above.

#2 above: Create a key/certificate for the internal datavault (ca = false, can be below the ca but can also be self-signed). [HOW?]

Copy the DataVault key file [FROM WHERE?] to /etc/openxpki/local/keys/vault-1.pem, it should have 0400 permission owned by the openxpki user.
Now import the certificate:

$ openxpkiadm certificate import --file vault.crt [the file does not exist]

---

The problem is that the documentation does not say how to create these 2 files: vault-1.pem and vault.crt. What commands should be used (examples?)?
At that point, the openxpki server is not yet configured nor started; the "Create DataVault Token" section says nothing on where to find these files or HOW to create them.
Below I see some other examples on the green background, but not on how to generate or obtain these 2 files.

What are the commands to create them?
Do you require a payment for this knowledge, please? I plan to install this platform privately at home, and I am not involved in any business that could use your software or justify purchasing your Enterprise Edition.

Thanks,

-----Original Message-----
From: Martin Bartosch <vc-...@cynops.de>
Sent: Sunday, April 25, 2021 2:10 PM
To: openxpki-users@lists.sourceforge.net
Cc: Dimitri TIMOCHENKO <dimitri.timoche...@laposte.net>
Subject: Re: [OpenXPKI-users] Cannot install. Where to obtain DataVault Key and DataVault certificate?

Dimitry,

Thanks for the constructive criticism and your interest in OpenXPKI.

> In the documentation site production installation doc seems to be incomplete.
> https://openxpki.readthedocs.io/en/latest/
> The so-called “Quickstart” page does not allow installing the server in the
> production mode (without sampleconfig.sh).

As mentioned previously, end users are not supposed to install a production system using sampleconfig.sh. If you are considering to do so you are most probably doing something wrong in your PKI design.

An OpenSource PKI project provides you with the tool to implement an Enterprise grade PKI. It does not design a PKI for you.

> The Create DataVault Token section misses 2 critical steps:
> 1. Copy the DataVault Key file to /etc/openxpki/local/keys/vault-1.pem
> - Where to obtain this file???
> 2. Import the certificate vault.crt - Where to obtain this file???

Refer to https://openxpki.readthedocs.io/en/latest/quickstart.html#create-datavault-token

> This absence renders the installation impossible and the whole “product”
> unusable.
> Did somebody find these 2 files?

As clearly documented the administrator is supposed to create these files with the newly deployed PKI.

> Is there a COMPLETE installation document, please?

We believe that the OpenSource documentation provides an adequate level of introduction about the core concepts of OpenXPKI, enabling users with a PKI background to implement the system in their environment.

Customers of our Enterprise Edition have the privilege of getting a thorough and complete documentation of the entire system. If you are interested in this version of the product or professional services on designing and implementing your PKI do not hesitate to contact White Rabbit Security GmbH.

Best regards,

Martin

---
Best regards,
Dimitri

_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
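
Added example, not part of the original thread and not OpenXPKI's own tooling: a non-interactive form of the openssl command from the reply above that writes the two files the thread asks about (vault-1.pem, vault.crt), then checks that the certificate matches the key, is self-signed, has CA:FALSE, and that the key is mode 0400. The function names, the subject CN and the config section names are assumptions.

```shell
#!/bin/sh
# Added example. File names vault-1.pem / vault.crt are the ones the thread asks about;
# function names, the subject CN and the config section names are assumptions.

make_vault_cert() {   # usage: make_vault_cert DIR [BITS] [DAYS]
    outdir=$1; bits=${2:-4096}; days=${3:-365}
    key="$outdir/vault-1.pem"; crt="$outdir/vault.crt"; cnf="$outdir/vault-req.cnf"
    if [ -e "$key" ]; then echo "refusing to overwrite $key" >&2; return 1; fi

    # Own request config, so the result does not depend on the system openssl.cnf.
    cat > "$cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = vault_ext
prompt = no
[dn]
CN = DataVault example (constructed)
[vault_ext]
basicConstraints = critical,CA:FALSE
EOF
    # umask 077 in a subshell: the key is never group/world readable, even briefly.
    # -nodes leaves the key unencrypted, so file permissions are its only protection.
    ( umask 077
      openssl req -x509 -newkey "rsa:$bits" -nodes -config "$cnf" \
          -keyout "$key" -out "$crt" -days "$days" ) || return 1
    rm -f "$cnf"
    chmod 0400 "$key"
}

check_vault_cert() {  # usage: check_vault_cert KEY CERT; non-zero status names the failed check
    key=$1; crt=$2
    # 1: certificate and private key carry the same public key
    [ "$(openssl pkey -in "$key" -pubout)" = "$(openssl x509 -in "$crt" -noout -pubkey)" ] || return 1
    # 2: self-signed, i.e. subject equals issuer
    s=$(openssl x509 -in "$crt" -noout -subject | sed 's/^subject= *//')
    i=$(openssl x509 -in "$crt" -noout -issuer | sed 's/^issuer= *//')
    [ "$s" = "$i" ] || return 2
    # 3: not a CA certificate ("ca = false" in the quickstart)
    openssl x509 -in "$crt" -noout -text | grep -q 'CA:FALSE' || return 3
    # 4: key file mode is 0400
    [ "$(ls -l "$key" | cut -c1-10)" = "-r--------" ] || return 4
}

# Afterwards, as in the quickstart: copy vault-1.pem to /etc/openxpki/local/keys/vault-1.pem
# (owner openxpki, mode 0400) and run: openxpkiadm certificate import --file vault.crt
```

Running check_vault_cert again on the installed copy of the key, before the import step, catches a key and certificate that were mixed up between runs.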