Hello list,
sorry, I have more stupid questions.
I setup openxpki with HSM and the WebUI reports active encryption token
vault-1, all tokens are shown as ONLINE.
# openxpkiadm alias list
=== functional token ===
vault (datasafe):
Alias : vault-1
Identifier: 87-reU8L8VIStmq-oj7IWlX6-ls
NotBefore : 2024-08-05 14:54:32
NotAfter : 2024-09-04 14:54:32
ratoken (cmcra):
not set
ratoken (scep):
not set
ca-signer (certsign):
Alias : ca-signer-1
Identifier: 1dzhOuBydkcgA82KWxSpPEefNVg
NotBefore : 2024-08-05 14:54:05
NotAfter : 2025-08-05 14:54:05
=== root ca ===
current root ca:
Alias : root-1
Identifier: 3_8BFNLuYFZNsEcV7i9yih-AMrs
NotBefore : 2024-08-05 14:53:04
NotAfter : 2024-09-04 14:53:04
upcoming root ca:
not set
# openxpkiadm key list
Keys for token group ratoken
Keys for token group vault
c vault-1
Keys for token group ca-signer
c ca-signer-1
Keys for token group ratoken
CRL could be issued and published, correctly signed by ca-signer-1. However, if
I try to sign a CSR i get an exception (started with debug 10):
2024-08-05 17:22:39.155271 DEBUG:1 PID:432869 OpenXPKI::Exception::full_message (line 118):
exception thrown: Could not find token alias by group; __group__ => ca-signer,
__noafter__ => 1754407359, __notbefore__ => 1722871359, __pki_realm__ => democa
2024-08-05 17:22:39.155658 DEBUG:1 PID:432869 OpenXPKI::Exception::full_message (line 118):
exception thrown: Could not find token alias by group; __group__ => ca-signer,
__noafter__ => 1754407359, __notbefore__ => 1722871359, __pki_realm__ => democa
I don't know what went wrong and why CRL signing works but CSR signing not, any
advice or hint?
Best,
-ap
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
