Hey again OpenXPKI friends My scep cert expired and I needed to create a new one. I did what I normally do for my signer certs… made a new key, used that key and my root CA to get a new cert… use openxpkiadm alias to import the cert and key.
I'm worried perhaps my database is corrupt…? Here's what happens: When I import the new scep cert and key, the system complains that it cannot find my certsign-2 certificate. If I use openxpkiadm certificate import, then the system is restored to a working status, but the new scep cert cannot be found. If re-import the scep cert, it again clears out the certsign-2 cert. Here's what that looks like: openxpkiadm alias --realm dzsec try/catch is experimental at / usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 103. try/catch is experimental at / usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 107. === functional token === vault (datasafe): Alias : vault-3 Identifier: am2CPXbrmtlyMTTtaTw5s4XTMro NotBefore : 2022-08-24 00:34:06 NotAfter : 2023-08-24 00:34:06 ca-signer (certsign): Alias : ca-signer-2 Identifier: Ss7Dw5jEUaQNXRMgE_JXVO3PRl4 NotBefore : 2022-05-16 00:00:00 (2022-05-11 15:36:08) NotAfter : 2025-05-10 15:36:08 scep (scep): 2023/05/24 14:28:16 Could not find a certificate with identifier; __IDENTIFIER__ => PkskwXLxzocOGVLVpd_KAgB4iAU Could not find a certificate with identifier __IDENTIFIER__: PkskwXLxzocOGVLVpd_KAgB4iAU —-- ╰─○ openxpkiadm certificate import --file ./ca-one-scep-5.crt --realm dzsec --token scep try/catch is experimental at / usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 103. try/catch is experimental at / usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 107. Starting import Successfully imported certificate into database: Subject: CN=SCEP-2,OU=core CA,DC=DZsec,DC=NET Issuer: CN=Root CA,OU=core CA,DC=DZsec,DC=net Identifier: PkskwXLxzocOGVLVpd_KAgB4iAU Realm: dzsec Deprecated - please use openxpkiadm alias with --file option instead Certificate already registered as alias: Alias : scep-2 Identifier: PkskwXLxzocOGVLVpd_KAgB4iAU NotBefore : 2023-05-24 19:16:15 NotAfter : 2024-12-09 19:16:15 certificate already exisits in group Alias: scep-2 —--- ╰─○ openxpkiadm alias --realm dzsec try/catch is experimental at / usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 103. try/catch is experimental at / usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 107. === functional token === scep (scep): Alias : scep-2 Identifier: PkskwXLxzocOGVLVpd_KAgB4iAU NotBefore : 2023-05-24 19:16:15 NotAfter : 2024-12-09 19:16:15 ca-signer (certsign): 2023/05/24 14:29:13 Could not find a certificate with identifier; __IDENTIFIER__ => Ss7Dw5jEUaQNXRMgE_JXVO3PRl4 Could not find a certificate with identifier __IDENTIFIER__: Ss7Dw5jEUaQNXRMgE_JXVO3PRl4 —-- ╰─○ openxpkiadm certificate import --file ./rollover_2022/ca-one-signer.crt --token certsign --realm dzsec try/catch is experimental at / usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 103. try/catch is experimental at / usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 107. Starting import Successfully imported certificate into database: Subject: CN=Signer 2,OU=core CA,DC=DZsec,DC=net Issuer: CN=Root CA,OU=core CA,DC=DZsec,DC=net Identifier: Ss7Dw5jEUaQNXRMgE_JXVO3PRl4 Realm: dzsec Deprecated - please use openxpkiadm alias with --file option instead Certificate already registered as alias: Alias : ca-signer-2 Identifier: Ss7Dw5jEUaQNXRMgE_JXVO3PRl4 NotBefore : 2022-05-16 00:00:00 (2022-05-11 15:36:08) NotAfter : 2025-05-10 15:36:08 certificate already exisits in group Alias: ca-signer-2 ╰─○ openxpkiadm alias --realm dzsec --token scep --file ./ca-one-scep-5.crt --key dzsec-scep-5.pem try/catch is experimental at / usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 103. try/catch is experimental at / usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 107. Certificate already registered as alias: 2023/05/24 14:30:08 Could not find a certificate with identifier; __IDENTIFIER__ => PkskwXLxzocOGVLVpd_KAgB4iAU Could not find a certificate with identifier __IDENTIFIER__: PkskwXLxzocOGVLVpd_KAgB4iAU
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
