Hi Ivaylo,

openxpkiadm can be used to set up the required tokens as outlined in the
quickstart, but as OpenXPKI supports a lot of different configuration
styles there is no "single way of truth" and therefore the openxpkiadm
command does NOT provide a full interface to the internals of the system.

Best regards
Oliver

On 04.04.23 22:44, Ivaylo M. Ivanov via OpenXPKI-users wrote:

Hello everybody,

I am testing deployment of openxpki on kubernetes with docker image:
whiterabbitsecurity/openxpki3:3.24. I am writing a how-to guide about
this deployment and now I have the following questions. Is this normal
behaviour for the system?

1. How can I list the Root CA? I can see it only in the database, but
"openxpkiadm certificate list -all" doesn't show it. It is not in use
in any alias.

2. Import CA issuer certificate & key without root CA in DB -> The
following command imports only into the certificate table, and nothing
into the datapool table. Is this normal?

    openxpkiadm alias --file oic-ca.crt --realm oic-ca --token certsign --key oic-cakey.key
    2023/04/04 18:36:11 Unable to find issuer; __query__ => $VAR1 = {
    'subject_key_identifier' =>
    'C8:8F:7C:E6:D4:5E:02:08:6F:EE:B2:9F:33:EA:E3:BA:BE:3F:04:8C'
    };
    Unable to find issuer
    __query__: $VAR1 = {
    'subject_key_identifier' =>
    'C8:8F:7C:E6:D4:5E:02:08:6F:EE:B2:9F:33:EA:E3:BA:BE:3F:04:8C'
    };

3. Why import only vault.crt without a realm? If you add cert & key for
a realm, the cert in the certificate table is left without a realm.
Isn't this a problem?

    openxpkiadm certificate import --file vault.crt
    openxpkiadm alias --file oic-ca.crt --realm oic-ca --token certsign --key oic-cakey.key

4. Cannot delete a certificate not used in any realm.

    openxpkiadm certificate list -all
    Certificates in oic-ca:
    Identifier: 1KAG8Mztx1Vs-q5Lw0tKc-xfB8s
    Identifier: YBDf7z5vjjLpDTDfVCEt6p8fOAA
    root@openxpki-sts-0:/etc/openxpki/local# openxpkiadm certificate remove --realm oic-ca --name YBDf7z5vjjLpDTDfVCEt6p8fOAA
    I18N_OPENXPKI_SERVER_CONTEXT_CTX_OBJECT_NOT_DEFINED
    OBJECT: session

5. Why are there no keys in the output of this command?

    openxpkiadm key list --realm oic-ca

But there is data in datapool.

Regards,
Ivaylo Ivanov

_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!