Yes, you are ... not wrong, not wrong. I went for the easiest one : changing the password in the configuration.
On my way, I also got tricked by that line >>> secret : ratoken <<< Thought the password was "ratoken" but no, it was a reference to the secret group right below, and the associated values to that secret group are defined in system.crypto where you can set the password/value. Afterwards, you realized once again : comments are there for a reason :) Thank you very much, Mohamed Le lun. 8 janv. 2024 à 18:32, Oliver Welter <[email protected]> a écrit : > Hi Mohamed, > > so I had a look at this and found the problem - the current repository > configuration has a dedicated secret section for the token used with the > SCEP service (ratoken) with the value "secret". The sampleconfig.sh was > indeed never changed and sets "root" as password for the SCEP key. > > As a result the system fails to unpack the stored key into the filesystem > which results in the error message posted by you. > > The solution is quite simple - either create the SCEP key with the "right" > password (or without any) or change the password in the config. I will > check whats the best way to get this into the sampleconfig and provide an > update as time permits. > > best regards > > Oliver > On 05.01.24 12:55, Mo Be wrote: > > Hi, > > I seem to have the same issue. > I'm using OpenXPKI v3.26. > And like Petri, I used the initial configuration as it is. > I ran the sampleconfig.sh to generate default certificates. > I can even retrieve the CA certificates with SCEP and I do receive all 3 : > scepra, realm, root. > > Just want to add a few details on top of Petri's request: > > /var/tmp/openxpki148QvSRMnBh/EE:3D:CC:AF:82:F6:FF:78:90:D8:76:0E:65:99:CC:DE:B3:A2:AF:6F > > The EE:...:6F is the SCEP RA key identifier, and it is present (mine is > different of course), I checked with the command : > > >>> openxpkiadm certificate list -v -v -v <<< > > > But what I don't find, is the executablerelated to that token I guess? > >>> /var/tmp/openxpki148QvSRMnBh > > I have a bunch of files/executables following the same pattern > openxpki15ysoZEUBK > openxpki53i6Iai6uo > openxpki539KfAGsmC > > I don't know what they are or how they get created, but none of them > matches the one in that /var/tmp/MISSING_EXE/EE:*:6F > > Perhaps something is missing in the crypto.yaml like Nick said? > ratoken: > inherit: default > key_store: DATAPOOL > key: "[% KEY_IDENTIFIER %]" > secret: ratoken > Such as ratoken is referenced by "scep" in crypto.type (cf. yaml) > I don't know if that secret key-value has anything to do with the > certificates and keys created by the sample script. Or maybe that [% > KEY_IDENTIFIER %] should be part of a path? I don't know. > I'm still looking here and there. > Cheers, > Mohamed > > > _______________________________________________ > OpenXPKI-users mailing > [email protected]https://lists.sourceforge.net/lists/listinfo/openxpki-users > > -- > Protect your environment - close windows and adopt a penguin! > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
