And, in case this provides any more insight, here's my aliases === functional token === ca-signer (certsign): Alias : ca-signer-1 Identifier: H7_DJuEmAEppVvzsadtfPufca1Y NotBefore : 2020-11-08 03:52:59 NotAfter : 2023-11-08 03:52:59
scep (scep): Alias : scep-1 Identifier: t1PGk55B7nW5GAPxh_k30viFjDQ NotBefore : 2021-06-22 18:11:29 NotAfter : 2023-01-08 18:11:29 vault (datasafe): Alias : vault-2 Identifier: 8ztpZtRi0-qJDN8LN9WucwqvTC8 NotBefore : 2021-10-13 19:15:38 NotAfter : 2022-10-13 19:15:38 === root ca === current root ca: Alias : root-1 Identifier: 1jrExIbjvaH32Gt95NvWKczZNvA NotBefore : 2020-11-08 03:52:48 NotAfter : 2025-11-08 03:52:48 On Mon, May 09, 2022 at 4:18 PM, Nick Dawson <[email protected]> wrote: > Hey friends, > I needed sign some CSRs today and ran into a problem out of the blue. All > my attempts to issue a cert result in a paused workflow. I'm hoping y'all > might have some ideas for troubleshooting (and hopefully fixing). It seems > like the system cannot find my ca-signer > > In the system status, it is all green and shows the signer cert as online. > > Here's the error in my log: > > 2022/05/09 14:09:53 openxpki.application.ERROR NICE backend error: Could > not find token alias by group; __group__ => ca-signer, __noafter__ => > 1715285393, __notbefore__ => 1652126993, > > Here's my crypto.yml > > ca-signer: > inherit: default > key_store: DATAPOOL > key: "[% ALIAS %]" > #key: /usr/local/etc/openxpki/ca/dzsec/ca-one-signer-1.pem > secret: dzsecsec > > I tried to re-register the signer cert alias: > Certificate already registered as alias: > Alias : ca-signer-1 > Identifier: H7_DJuEmAEppVvzsadtfPufca1Y > NotBefore : 2020-11-08 03:52:59 > NotAfter : 2023-11-08 03:52:59 > > ERROR: certificate already exisits in group > Alias: ca-signer-1 > > Just for good measure, I tried to remove the alias: > openxpkiadm alias --realm dzsec --remove --alias ca-signer-1 > > And then re-added it successfully. I restarted mysql and OpenXPKI and I > still have the original issue. >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
