The openxpki docker images come with a script to import the keys/certificates: setup-cert
The script seems to have problems when importing the vault credentials when using multiple realms.

Is there a problem here? Or am I using this script incorrectly?
Is setup-cert still the recommended way to deploy your keys/certs on a production environment? Or is there another recommended way?

Steps to reproduce
* have 2 realms: mobility, sensor
* place vault-1.crt vault-1.key in /etc/openxpki/ca
* run setup-cert

What happens
The vault key/cert is only imported for 1 realm

    # setup-cert
    Starting import
    Successfully imported certificate into database:
    Subject: CN=DataVault
    Issuer: CN=DataVault
    Identifier: bSiSGisjSnbA5HLzTQLSX5XPvE4
    Realm: none
    Successfully wrote alias:
    Alias : vault-1
    Identifier: bSiSGisjSnbA5HLzTQLSX5XPvE4
    NotBefore : 2023-06-22 14:34:47
    NotAfter : 2026-06-26 14:34:47
    Doing /etc/openxpki/tls/chain/
    vault certificate already imported

It's imported for mobility, but not for sensor

    /etc/openxpki/ca# openxpkicli get_token_info --realm mobility --arg alias=vault-1
    {
        "key_name" : "/etc/openxpki/local/keys/vault-1.pem",
        "key_secret" : 1,
        "key_store" : "OPENXPKI",
        "key_usable" : 1
    }
    root@e83cd2f2fc1a:/etc/openxpki/ca# openxpkicli get_token_info --realm sensor --arg alias=vault-1
    Error: TokenManager failed to create token for vault-1
    /etc/openxpki/ca# ls
    mobility README.md sensor vault-1.crt vault-1.key

Expected
Vault credentials are imported for both realms.
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users