Hi Elias,

hmm - the import does not check if the key and the cert match, it does not even check if the key is really a key, and just writes the BLOBs to the datapool.

To export the key from the datapool use this line and check if it is a correct PEM block and if it works with the password given:

    openxpkicli get_data_pool_entry --arg namespace=sys.crypto.keys --arg key=ca-signer-1

Please also have a look into the logfiles in /var/log/openxpki/ if you can find any errors there.

Oliver

On 09.06.21 at 10:43, Steiner Elias SBB CFF FFS via OpenXPKI-users wrote:
> Hello Oliver
>
> ups this was a typo
>
> But no badly this is it not…
>
> From: Oliver Welter <[email protected]>
> Sent: Wednesday, 9 June 2021 10:37
> To: [email protected]
> Subject: Re: [OpenXPKI-users] Private Key missmatch
>
> Hi Elias,
>
> the alias command says "--realm docscf" while you set "--realm democa"
> for the "is_token_usable" call. Is this a typo or might this be the
> problem already ;)
>
> Oliver
>
> On 09.06.21 at 09:49, Steiner Elias SBB CFF FFS via OpenXPKI-users wrote:
> > Hello
> >
> > I have the following problem:
> >
> > The ca certificate is not getting online in the openxpki.
> >
> > For the private key I used the same Password as DataVault and
> > saved it to the crypto.yaml
> >
> > The import of the certificate looks good:
> >
> > Input:
> >
> > openxpkiadm alias --realm docscf --token certsign --file ca/subca.cert --key ca/privkey_subca.pem
> >
> > Output:
> >
> > Successfully wrote key to datapool with key 'ca-signer-1'
> > Successfully wrote alias:
> > Alias : ca-signer-1
> > Identifier: -VqlqCwcePkgAk_gbWmQN4EL6A0
> > NotBefore : 2021-06-08 13:43:49
> > NotAfter : 2027-06-07 13:43:49
> >
> > Token is certsign, looking for root...
> > Creating alias for root ca:
> > Alias : root-1
> > Identifier: -VqlqCwcePkgAk_gbWmQN4EL6A0
> > NotBefore : 2021-06-08 13:43:49
> > NotAfter : 2027-06-07 13:43:49
> >
> > But:
> >
> > openxpkicli is_token_usable --realm=democa --arg alias=ca-signer-1
> >
> > returns <undef>
> >
> > As I understand the private key will be saved in the vault and has
> > not to be at local/keys/docscf/ but sure I also tried this.
> >
> > Is there a step I miss?
> >
> > Elias
> >
> > Elias Steiner
> >
> > SBB AG
> > Informatik / CYBER
> > Poststrasse 6 - Ostermundigen, 3000 Bern 65
> > Mobil +41 77 257 07 03
> > [email protected] / www.sbb.ch

--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
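The checks named in the reply above (is the exported blob a PEM key, does the password decrypt it, does it belong to the certificate) can be scripted with openssl. This is an added example, not part of the thread and not OpenXPKI code; it assumes the PEM block from the datapool has been saved to a file, and the function names, file names and sample password are hypothetical.

```bash
#!/usr/bin/env bash
# Added example (not OpenXPKI code). check_key_against_cert returns:
#   0 key matches cert      1 key and cert do not match
#   2 cert unreadable       3 file is not a PEM private key
#   4 key cannot be parsed or decrypted with the given password
check_key_against_cert() {
    local cert=$1 key=$2 pass=$3 cert_pub key_pub
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 2
    # Is the blob a PEM private key at all (PKCS#8, encrypted PKCS#8, RSA, EC)?
    grep -q -e '-----BEGIN [A-Z ]*PRIVATE KEY-----' -- "$key" || return 3
    # Derive the public key; fails if the password does not decrypt the key.
    key_pub=$(KEYPASS="$pass" openssl pkey -in "$key" -passin env:KEYPASS \
              -pubout 2>/dev/null) || return 4
    # Same SubjectPublicKeyInfo on both sides means the key belongs to the cert.
    [ "$cert_pub" = "$key_pub" ]
}

# Constructed sample material: throwaway keys and a self-signed certificate.
make_samples() {
    local d=$1
    openssl genrsa -aes256 -passout pass:secret1 -out "$d/ca.key" 2048 2>/dev/null
    openssl genrsa -out "$d/other.key" 2048 2>/dev/null
    openssl req -x509 -new -key "$d/ca.key" -passin pass:secret1 \
        -subj "/CN=Constructed Test CA" -days 1 -out "$d/ca.crt" 2>/dev/null
    echo "just some blob" > "$d/blob.key"
}

run_check() {  # prints the return code of one check
    local rc=0
    check_key_against_cert "$@" || rc=$?
    echo "$rc"
}

SAMPLES=$(mktemp -d)
make_samples "$SAMPLES"
echo "matching key, right password: $(run_check "$SAMPLES/ca.crt" "$SAMPLES/ca.key" secret1)"
echo "matching key, wrong password: $(run_check "$SAMPLES/ca.crt" "$SAMPLES/ca.key" wrong)"
echo "valid key of another cert:    $(run_check "$SAMPLES/ca.crt" "$SAMPLES/other.key" unused)"
echo "blob that is not a key:       $(run_check "$SAMPLES/ca.crt" "$SAMPLES/blob.key" unused)"
```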
