Hi Oliver thanks for your reply. I've now reinstalled openxpki serveral times and always getting the same result. I've no password set my keys and also generated new ones for testing purposes.
But I've read a few lines more in the log file and it looks like there is something wrong with my CA Key. But google couldn't tell me how to fix it. Perhaps you have a hint for me. The complete log entry looks like this: > 2022/07/18 16:43:31 ERROR OpenSSL error: Using configuration from > /var/tmp/openxpki16952BKbBheku/openssl.cnf > 140191495206080:error:2207707B:X509 V3 routines:v2i_AUTHORITY_KEYID:unable to > get issuer keyid:../crypto/x509v3/v3_akey.c:144: > 140191495206080:error:22098080:X509 V3 routines:X509V3_EXT_nconf:error in > extension:../crypto/x509v3/v3_conf.c:47:name=authorityKeyIdentifier, > value=keyid:always > [pid=16952|user=Anonymous|role=System|sid=YMB+|wftype=crl_issuance|wfid=255] > 2022/07/18 16:43:31 ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; > __COMMAND__ => ca -gencrl -out /var/tmp/openxpki169521sN3AmO8 -passin > env:pwd, __EXIT_STATUS__ => 256 > [pid=16952|user=Anonymous|role=System|sid=YMB+|wftype=crl_issuance|wfid=255] > 2022/07/18 16:43:31 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ > => OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_crl, __ERRVAL__ => > I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => ca -gencrl -out > /var/tmp/openxpki169521sN3AmO8 -passin env:pwd, __EXIT_STATUS__ => 256 > [pid=16952|user=Anonymous|role=System|sid=YMB+|wftype=crl_issuance|wfid=255] > 2022/07/18 16:43:31 ERROR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; > __ACTION__ => global_nice_issue_crl, __ERROR__ => > I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => > OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_crl, __ERRVAL__ => > I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => ca -gencrl -out > /var/tmp/openxpki169521sN3AmO8 -passin env:pwd, __EXIT_STATUS__ => 256, > __EXCEPTION__ => OpenXPKI::Exception > [pid=16952|user=Anonymous|role=System|sid=YMB+|wftype=crl_issuance|wfid=255] > 2022/07/18 16:43:31 ERROR Error executing workflow activity 'crl_initialize' > on workflow id 255 (type crl_issuance): > I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => > global_nice_issue_crl, __ERROR__ => I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; > __COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_crl, > __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => ca > -gencrl -out /var/tmp/openxpki169521sN3AmO8 -passin env:pwd, __EXIT_STATUS__ > => 256, __EXCEPTION__ => OpenXPKI::Exception > [pid=16952|user=Anonymous|role=System|sid=YMB+|wftype=crl_issuance|wfid=255] > 2022/07/18 16:44:22 INFO Login successful (user: rob, role: RA Operator) > [pid=16956|sid=M8QL] My CA certificate is generated with the following command: > echo "[req] > distinguished_name = req_distinguished_name > req_extensions = v3_ca > prompt = no > [req_distinguished_name] > C = DE > ST = FOO > L = Bar > O = foobar > OU = Test > CN = CA > [v3_ca] > subjectKeyIdentifier=hash > authorityKeyIdentifier=keyid:always,issuer:always > basicConstraints = critical,CA:true" > /tmp/ca-req.conf > openssl genrsa -out /root/ca-key.pem > openssl req -x509 -new -nodes -key /root/ca-key.pem -days 7300 -out > /root/ca-root.pem -sha512 -config /tmp/ca-req.conf Do I have to create my CA cert differently? Or do I have to register it in the openssl config somewhere? I've also attached the script that I've used to set up openxpki on a minimal debian buster installation. Thanks for your help. Thomas Von: Oliver Welter <[email protected]> Gesendet: Freitag, 15. Juli 2022 09:13 An: [email protected] <[email protected]> Betreff: EXT: Re: [OpenXPKI-users] Backend Communication Error Hi Thomas, the command to be run is the parameter part which is executed using openssl. Educated guess: The key password is wrong? Is your ca key protected by a password and is this matching the setup in crypto.yaml? Oliver On 14.07.22 11:37, Zimmermann Thomas via OpenXPKI-users wrote: > Hi, > I've installed openxpki 3.20.0 on debian buster according to the Quickstart > Guide. > > After calling openxpkictl start, the webinterface and login are working. > But when I issue a test certificate, the workflow is paused due to "Backend > Communication Error". > > In /var/log/openxpki/openxpki.log I'm getting the following lines: > > 2022/07/14 05:01:38 ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; > __COMMAND__ => ca -batch -subj /DC=org/DC=OpenXPKI/DC=Test Deployment/CN=test > -out /var/tmp/openxpki46125nPhIpjS -in /var/tmp/openxpki4612rSgYbd2j -passin > env:pwd, __EX > IT_STATUS__ => 256 [pid=4612|user=rob|role=RA > Operator|sid=A2b3|wftype=certificate_signing_request_v2|wfid=1023] > > 2022/07/14 05:01:38 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ > => OpenXPKI::Crypto::Backend::OpenSSL::Command::issue_cert, __ERRVAL__ => > I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => ca -batch -subj > /DC=org/DC=Op > enXPKI/DC=Test Deployment/CN=test -out /var/tmp/openxpki46125nPhIpjS -in > /var/tmp/openxpki4612rSgYbd2j -passin env:pwd, __EXIT_STATUS__ => 256 > [pid=4612|user=rob|role=RA > Operator|sid=A2b3|wftype=certificate_signing_request_v2|wfid=1023 > ] > > For me it looks like openxpki want's to execute a binary called ca, which > doesn't exist. > What can I do to fix this error? > > Thanks, > Thomas _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
openxpki.sh
Description: openxpki.sh
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
