Re: [OpenXPKI-users] 1 secret groups not available

James B. Byrne via OpenXPKI-users Fri, 22 Mar 2024 06:07:53 -0700

On Fri, March 22, 2024 08:45, James B. Byrne wrote:
> Logging on to another test realm, not democa, as an RA Operator I see this:
>
>
> Your system status is critical!
>
> OpenXPKI system status
>
> Secret groups                 1 secret groups are NOT available
> No CRL found!                 ---
> Active Encryption Token               vault-1
> System Version                        3.24.2
> Hostname                      openxpki-3.internal.harte-lyne.ca.
> Config Version                        api
>                               3.18


In /var/log/openxpki/openxpki.log I see this:

2024/03/22 08:57:23 ERROR
I18N_OPENXPKI_SERVICE_DEFAULT_HANDLE_CONTINUE_SESSION_SESSION_CONTINUE_FAILED;
__ID__ => zqnDv0To7hGpoNTf3lNPsA== [pid=7068|]
2024/03/22 08:58:11 INFO Login successful (user: byrnejb_hll, role: RA
Operator) [pid=7068|sid=IBVP]

2024/03/22 08:58:12 ERROR OpenSSL error: unable to load signing key file
45354726268928:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad
decrypt:/usr/src/crypto/openssl/crypto/evp/evp_enc.c:612:
45354726268928:error:0906A065:PEM routines:PEM_do_header:bad
decrypt:/usr/src/crypto/openssl/crypto/pem/pem_lib.c:461:
 [pid=7068|sid=IBVP]

2024/03/22 08:58:12 ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__
=> cms -sign -binary -nosmimecap -outform PEM -nodetach -in
/var/tmp/openxpki7068rAhBRK43 -inkey /var/tmp/openxpki7068HnLhAvaK/ca-signer-1
-signer /var/tmp/openxpki7068wnbNYH_K -out /var/tmp/openxpki7068BT1d_Hs4
-passin env:pwd, __EXIT_STATUS__ => 512 [pid=7068|sid=IBVP]

2024/03/22 08:58:12 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ =>
OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_sign, __ERRVAL__ =>
I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => cms -sign -binary
-nosmimecap -outform PEM -nodetach -in /var/tmp/openxpki7068rAhBRK43 -inkey
/var/tmp/openxpki7068HnLhAvaK/ca-signer-1 -signer /var/tmp/openxpki7068wnbNYH_K
-out /var/tmp/openxpki7068BT1d_Hs4 -passin env:pwd, __EXIT_STATUS__ => 512
[pid=7068|sid=IBVP]


I gather that either I cannot load ca-signer-1 or the key pass phrase value is
wrong.  How do I tell which?

-- 
***          e-Mail is NOT a SECURE channel          ***
        Do NOT transmit sensitive data via e-Mail
   Unencrypted messages have no legal claim to privacy
 Do NOT open attachments nor follow links sent by e-Mail

James B. Byrne                mailto:[email protected]
Harte & Lyne Limited          http://www.harte-lyne.ca
9 Brockley Drive              vox: +1 905 561 1241
Hamilton, Ontario             fax: +1 905 561 0757
Canada  L8E 3C3



_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Re: [OpenXPKI-users] 1 secret groups not available

Reply via email to