Hi Lixin,
please make individual posts per question - thats easier to follow up :)
Regarding the CRL publishing that sounds like your path does not exist
or is not writable.
The "advanced" style is a leftover from a very old config setup and was
never really supported by the 3.x release - it is left there mainly as a
reference and you are right, the san_email template is missing in the
configuration. The suggested way is to use a matching template in the
subject section which looks like you already did.
Oliver
On 21.02.23 22:02, Lixin Liu wrote:
Hi,
Questions about setting up openxpki.
First, I can issue CRL correctly, but I am unable to publish it (to
local directory). Here is the log:
2023/02/21 12:37:37 openxpki.workflow.INFO Workflow
255/crl_issuance/PUBLISH_CRL executed 'global_noop' (autorun) in state
'LOAD_NEXT_CA' [pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 openxpki.workflow.INFO Workflow
255/crl_issuance/PUBLISH_CRL changed from state 'LOAD_NEXT_CA'
[pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 openxpki.workflow.INFO Workflow
255/crl_issuance/PUBLISH_CRL_GLOBAL_TMP_QUEUE_NEXT_ITEM_0 executed
'global_tmp_queue_next_item' (autorun) in state 'PUBLISH_CRL'
[pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 openxpki.workflow.INFO Workflow
255/crl_issuance/PUBLISH_CRL_GLOBAL_TMP_QUEUE_NEXT_ITEM_0 changed from
state 'PUBLISH_CRL' [pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 openxpki.application.INFO Publication failed for
target crl, requeuing [pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 openxpki.workflow.INFO Workflow
255/crl_issuance/PUBLISH_CRL_GLOBAL_TMP_QUEUE_NEXT_ITEM_0 paused at
action crl_publish_crl, cause:
I18N_OPENXPKI_UI_ERROR_DURING_PUBLICATION
[pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 openxpki.application.INFO Action crl_publish_crl
paused (I18N_OPENXPKI_UI_ERROR_DURING_PUBLICATION), wakeup
2023-02-21T20:37:52 [pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
2023/02/21 12:37:37 OpenXPKI.Server.Workflow.ERROR Caught exception
from action: [Generic exception]; reset workflow to old state
'PUBLISH_CRL_GLOBAL_TMP_QUEUE_NEXT_ITEM_0'
[pid=5350|sid=zm60|wftype=crl_issuance|wfid=255]
In publishing.yaml, I have
crl:
crl@: connector:publishing.connectors.cdp
connectors:
cdp:
class: Connector::Builtin::File::Path
LOCATION: /var/www/openxpki/CertEnroll/
file: "[% ARGS.0 %].crl"
content: "[% pem %]"
The second question is about SAN email configuration:
Following the “05_advanced_style” example in sample.yaml, I defined
san_email, but it failed to recognize
email address. From what I can see “san_email” is not defined in
profile template. I can work around the
issue by adding email to ui subject and then set to subject -> san ->
email. Is there a plan to fix this in the
future, or this is the proper way doing it.
Thanks!
Lixin.
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
