Hi Oliver Thank you for your help. I generated now a privat key without phasphrase. This works fine for the moment. I will test later with a private key with a phasphrase
Kind regards elias Elias Steiner SBB AG Informatik / CYBER Poststrasse 6 - Ostermundigen, 3000 Bern 65 Mobil +41 77 257 07 03 [email protected] / www.sbb.ch Von: Oliver Welter <[email protected]> Gesendet: Mittwoch, 9. Juni 2021 11:32 An: [email protected] Betreff: Re: [OpenXPKI-users] Private Key missmatch Hi Elias, hmm - the import does not check if the key and the cert matches, it even does not check if the key is really a keyand just writes the BLOBs to the datapool. To export the key from the datapool use this line and check if it is a correct PEM block and if it works with the password given: openxpkicli get_data_pool_entry --arg namespace=sys.crypto.keys --arg key=ca-signer-1 Please also have a look into the logfiles in /var/log/openxpki/ if you can find any errors there. Oliver Am 09.06.21 um 10:43 schrieb Steiner Elias SBB CFF FFS via OpenXPKI-users: Hello Oliver ups this was a typo But no badly this is it not... [cid:[email protected]] Von: Oliver Welter <[email protected]><mailto:[email protected]> Gesendet: Mittwoch, 9. Juni 2021 10:37 An: [email protected]<mailto:[email protected]> Betreff: Re: [OpenXPKI-users] Private Key missmatch Hi Elias, the alias command says "--realm docscf" while you set "--realm democa" for the "is_token_usable" call. Is this a typo or might this be the problem already ;) Oliver Am 09.06.21 um 09:49 schrieb Steiner Elias SBB CFF FFS via OpenXPKI-users: Hello I have the follwoing problem: The ca certificate is not getting online in the openxpki. For the private key I used the same Password as DataVault and saved it to the crypto.yaml The import of the certificate looks good: Input: openxpkiadm alias --realm docscf --token certsign --file ca/subca.cert -key ca/privkey_subca.pem Output: Successfully wrote key to datapool with key 'ca-signer-1' Successfully wrote alias: Alias : ca-signer-1 Identifier: -VqlqCwcePkgAk_gbWmQN4EL6A0 NotBefore : 2021-06-08 13:43:49 NotAfter : 2027-06-07 13:43:49 Token is certsign, looking for root... Creating alias for root ca: Alias : root-1 Identifier: -VqlqCwcePkgAk_gbWmQN4EL6A0 NotBefore : 2021-06-08 13:43:49 NotAfter : 2027-06-07 13:43:49 But: openxpkicli is_token_usable --realm=democa --arg alias=ca-signer-1 returns <undef> As I understand the privat key will be saved in de vault and has not to be at local/keys/docscf/ but sure I also tried this. Is there a step I miss? Elias Elias Steiner SBB AG Informatik / CYBER Poststrasse 6 - Ostermundigen, 3000 Bern 65 Mobil +41 77 257 07 03 [email protected]<mailto:[email protected]> / www.sbb.ch<http://www.sbb.ch> _______________________________________________ OpenXPKI-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin! _______________________________________________ OpenXPKI-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
