Hello everybody,
I am testing deployment of openxpki on kubernetes with docker image :
whiterabbitsecurity/openxpki3:3.24. I am writing how-to guide about this
deployment and now i have following questions, is that a normal
behaviour for the system.
1. How can list Root CA? I can see it only in database, but "openxpkiadm
certificate list -all" doesn't show it. It is not in use in any alias
2. Import CA issuer certificate&key without root CA in DB -> The
following command imports only in certificate table, and nothing in
datapool table. Is this normal?
openxpkiadm alias --file oic-ca.crt --realm oic-ca --token certsign
--key oic-cakey.key
2023/04/04 18:36:11 Unable to find issuer; __query__ => $VAR1 = {
'subject_key_identifier' =>
'C8:8F:7C:E6:D4:5E:02:08:6F:EE:B2:9F:33:EA:E3:BA:BE:3F:04:8C'
};
Unable to find issuer
__query__: $VAR1 = {
'subject_key_identifier' =>
'C8:8F:7C:E6:D4:5E:02:08:6F:EE:B2:9F:33:EA:E3:BA:BE:3F:04:8C'
};
3. Why to import only vault.crt without realm? If you add cert&key for a
realm, the cert in certificate table left without realm. Isn't this a
problem?
openxpkiadm certificate import --file vault.crt
openxpkiadm alias --file oic-ca.crt --realm oic-ca --token certsign
--key oic-cakey.key
4. Cannot delete certificate not used in any realm
openxpkiadm certificate list -all
Certificates in oic-ca:
Identifier: 1KAG8Mztx1Vs-q5Lw0tKc-xfB8s
Identifier: YBDf7z5vjjLpDTDfVCEt6p8fOAA
root@openxpki-sts-0:/etc/openxpki/local# openxpkiadm certificate remove
--realm oic-ca --name YBDf7z5vjjLpDTDfVCEt6p8fOAA
I18N_OPENXPKI_SERVER_CONTEXT_CTX_OBJECT_NOT_DEFINED
OBJECT: session
5. Why no keys in output of this command openxpkiadm key list --realm
oic-ca. But there is data in datapool.
Regards,
Ivaylo Ivanov
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
