Hi Mohamed,
so I had a look at this and found the problem - the current repository
configuration has a dedicated secret section for the token used with the
SCEP service (ratoken) with the value "secret". The sampleconfig.sh was
indeed never changed and sets "root" as password for the SCEP key.
As a result the system fails to unpack the stored key into the
filesystem which results in the error message posted by you.
The solution is quite simple - either create the SCEP key with the
"right" password (or without any) or change the password in the config.
I will check whats the best way to get this into the sampleconfig and
provide an update as time permits.
best regards
Oliver
On 05.01.24 12:55, Mo Be wrote:
Hi,
I seem to have the same issue.
I'm using OpenXPKI v3.26.
And like Petri, I used the initial configuration as it is.
I ran the sampleconfig.sh to generate default certificates.
I can even retrieve the CA certificates with SCEP and I do receive all
3 : scepra, realm, root.
Just want to add a few details on top of Petri's request:
/var/tmp/openxpki148QvSRMnBh/EE:3D:CC:AF:82:F6:FF:78:90:D8:76:0E:65:99:CC:DE:B3:A2:AF:6F
The EE:...:6F is the SCEP RA key identifier, and it is present (mine is
different of course), I checked with the command :
>>> openxpkiadm certificate list -v -v -v <<<
But what I don't find, is the executablerelated to that token I guess?
>>> /var/tmp/openxpki148QvSRMnBh
I have a bunch of files/executables following the same pattern
openxpki15ysoZEUBK
openxpki53i6Iai6uo
openxpki539KfAGsmC
I don't know what they are or how they get created, but none of them
matches the one in that /var/tmp/MISSING_EXE/EE:*:6F
Perhaps something is missing in the crypto.yaml like Nick said?
ratoken:
inherit: default
key_store: DATAPOOL
key: "[% KEY_IDENTIFIER %]"
secret: ratoken
Such as ratoken is referenced by "scep" in crypto.type (cf. yaml)
I don't know if that secret key-value has anything to do with the
certificates and keys created by the sample script. Or maybe that [%
KEY_IDENTIFIER %] should be part of a path? I don't know.
I'm still looking here and there.
Cheers,
Mohamed
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
--
Protect your environment - close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
