Hi Oliver,
Thank you for the reply
I found workaround to install it and is working, but the problem was,
when I started testing add/remove certificate/keys for realm, with
openxpkiadm you can't clean everything to start from beginning.
I figure out how to clean it from DB and at this moment is working, but
when I login with user(with password) on home page there is :
Unknown application error
It is working fine, but such error. In catchall.log there is only
2023/04/10 09:44:04 openxpki.auth.INFO Got invalid auth result from
handler Operator Password [pid=157|sid=0RUR]
2023/04/10 09:44:04 openxpki.auth.INFO Login successful (user: ivo,
role: User) [pid=157|sid=0RUR]
Invalid auth, but login successful.
Regards,
Ivaylo
On 10.04.23 г. 12:35 ч., Oliver Welter wrote:
Hi Ivaylo,
openxpkiadm can be used to setup the required tokens as outlined in
the quickstart but as OpenXPKI supports a lot of different
configuration styles there is no "single way of truth" and therefore
the openxpkiadm command does NOT provide a full interface to the
internals of the system.
best regards
Oliver
On 04.04.23 22:44, Ivaylo M. Ivanov via OpenXPKI-users wrote:
Hello everybody,
I am testing deployment of openxpki on kubernetes with docker image :
whiterabbitsecurity/openxpki3:3.24. I am writing how-to guide about
this deployment and now i have following questions, is that a normal
behaviour for the system.
1. How can list Root CA? I can see it only in database, but
"openxpkiadm certificate list -all" doesn't show it. It is not in use
in any alias
2. Import CA issuer certificate&key without root CA in DB -> The
following command imports only in certificate table, and nothing in
datapool table. Is this normal?
openxpkiadm alias --file oic-ca.crt --realm oic-ca --token certsign
--key oic-cakey.key
2023/04/04 18:36:11 Unable to find issuer; __query__ => $VAR1 = {
'subject_key_identifier' =>
'C8:8F:7C:E6:D4:5E:02:08:6F:EE:B2:9F:33:EA:E3:BA:BE:3F:04:8C'
};
Unable to find issuer
__query__: $VAR1 = {
'subject_key_identifier' =>
'C8:8F:7C:E6:D4:5E:02:08:6F:EE:B2:9F:33:EA:E3:BA:BE:3F:04:8C'
};
3. Why to import only vault.crt without realm? If you add cert&key
for a realm, the cert in certificate table left without realm. Isn't
this a problem?
openxpkiadm certificate import --file vault.crt
openxpkiadm alias --file oic-ca.crt --realm oic-ca --token certsign
--key oic-cakey.key
4. Cannot delete certificate not used in any realm
openxpkiadm certificate list -all
Certificates in oic-ca:
Identifier: 1KAG8Mztx1Vs-q5Lw0tKc-xfB8s
Identifier: YBDf7z5vjjLpDTDfVCEt6p8fOAA
root@openxpki-sts-0:/etc/openxpki/local# openxpkiadm certificate
remove --realm oic-ca --name YBDf7z5vjjLpDTDfVCEt6p8fOAA
I18N_OPENXPKI_SERVER_CONTEXT_CTX_OBJECT_NOT_DEFINED
OBJECT: session
5. Why no keys in output of this command openxpkiadm key list --realm
oic-ca. But there is data in datapool.
Regards,
Ivaylo Ivanov
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
