After tunning the log level to DEBUG, I managed to find out why publish CRL
failed. For some reason,
the Connector::Builtin::File::Path module is unable to create a new file:
2023/02/22 08:21:42 767 Publishing to 'publishing.crl.crl.Grid Canada
Certificate Authority 2' failed: Unable to open file for writing at
/usr/local/share/perl5/5.32/Connector/Builtin/File/Path.pm line 156, <DATA>
line 1.
If I touch the CRL file first, I am able to public the new CRL.
Cheers,
Lixin.
From: Lixin Liu <l...@sfu.ca>
Date: Tuesday, February 21, 2023 at 1:02 PM
To: "openxpki-users@lists.sourceforge.net"
<openxpki-users@lists.sourceforge.net>
Subject: Questions about publishing CRL and use san_email
Hi,
Questions about setting up openxpki.
First, I can issue CRL correctly, but I am unable to publish it (to local
directory). Here is the log:
2023/02/21 12:37:37 openxpki.workflow.INFO Workflow
255/crl_issuance/PUBLISH_CRL executed 'global_noop' (autorun) in state
'LOAD_NEXT_CA' [pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 openxpki.workflow.INFO Workflow
255/crl_issuance/PUBLISH_CRL changed from state 'LOAD_NEXT_CA'
[pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 openxpki.workflow.INFO Workflow
255/crl_issuance/PUBLISH_CRL_GLOBAL_TMP_QUEUE_NEXT_ITEM_0 executed
'global_tmp_queue_next_item' (autorun) in state 'PUBLISH_CRL'
[pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 openxpki.workflow.INFO Workflow
255/crl_issuance/PUBLISH_CRL_GLOBAL_TMP_QUEUE_NEXT_ITEM_0 changed from state
'PUBLISH_CRL' [pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 openxpki.application.INFO Publication failed for target
crl, requeuing [pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 openxpki.workflow.INFO Workflow
255/crl_issuance/PUBLISH_CRL_GLOBAL_TMP_QUEUE_NEXT_ITEM_0 paused at action
crl_publish_crl, cause: I18N_OPENXPKI_UI_ERROR_DURING_PUBLICATION
[pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 openxpki.application.INFO Action crl_publish_crl paused
(I18N_OPENXPKI_UI_ERROR_DURING_PUBLICATION), wakeup 2023-02-21T20:37:52
[pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 OpenXPKI.Server.Workflow.ERROR Caught exception from
action: [Generic exception]; reset workflow to old state
'PUBLISH_CRL_GLOBAL_TMP_QUEUE_NEXT_ITEM_0'
[pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
In publishing.yaml, I have
crl:
crl@: connector:publishing.connectors.cdp
connectors:
cdp:
class: Connector::Builtin::File::Path
LOCATION: /var/www/openxpki/CertEnroll/
file: "[% ARGS.0 %].crl"
content: "[% pem %]"
The second question is about SAN email configuration:
Following the “05_advanced_style” example in sample.yaml, I defined san_email,
but it failed to recognize
email address. From what I can see “san_email” is not defined in profile
template. I can work around the
issue by adding email to ui subject and then set to subject -> san -> email. Is
there a plan to fix this in the
future, or this is the proper way doing it.
Thanks!
Lixin.
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
