Hi, I'm currently setting up a PKI on my infra using OPENXPKI solution and I'm facing an issue that I didn't manage to solve so far. I set up the pki based on the demo ca config files and tinkered it to my realm. I generated self-signed certificates (namely rootCA.crt , vault-1.crt, ca-signer-1.crt) using openssl and imported its into my pki db following online documentation and using cli tool (readthedoc). Once logged in onto the webgui I got satisfying status for my certificates (datasafe and certsign) whom are depicted as ONLINE. Nonetheless when I tried to issue certificates I got the error below into my catchalllog file :
' 2025/05/07 17:19:53 openxpki.system.ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => cms -decrypt -inform PEM -inkey /etc/openxpki/local/keys/vault-1.pem -recip /var/tmp/openxpki1616884y1wOp_Dh -in /var/tmp/openxpki1616884mr7I581f -out /var/tmp/openxpki1616884Eohu2ecA -passin env:pwd, __EXIT_STATUS__ => 1024 [pid=1616884|sid=f138|rid=557338c618a0|pki_realm=snowball] 2025/05/07 17:19:53 openxpki.system.ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_decrypt, __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => cms -decrypt -inform PEM -inkey /etc/openxpki/local/keys/vault-1.pem -recip /var/tmp/openxpki1616884y1wOp_Dh -in /var/tmp/openxpki1616884mr7I581f -out /var/tmp/openxpki1616884Eohu2ecA -passin env:pwd, __EXIT_STATUS__ => 1024 [pid=1616884|sid=f138|rid=557338c618a0|pki_realm=snowball] root@pki:~/certifpki#' I can't understand what's the role of the pwd env variable inso far as in my crypto.yaml files I used the default password 'root' at initial. Also I tried to set de pwd env variable at 'root' manually but always got the error mentioned. I checked that the .pem key I put on the right place is well associated with my crt file vault-1.crt that I imported , which is the case. Hence I don't understand what did I missed . Perhaps could you please help me out ? Regards, Axel Biegalski Cybersecurity Engineer
_______________________________________________ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
