Hi,
I'm currently setting up a PKI on my infra using OPENXPKI solution and I'm 
facing an issue that I didn't manage to solve so far. I set up the pki based on 
the demo ca config files and tinkered it to my realm. I generated self-signed 
certificates (namely rootCA.crt , vault-1.crt, ca-signer-1.crt) using openssl 
and imported its into my pki db following online documentation and using cli 
tool (readthedoc).  Once logged in onto the webgui I got satisfying status for 
my certificates (datasafe and certsign) whom are depicted as ONLINE. 
Nonetheless when I tried to issue certificates I got the error below into my 
catchalllog file :

' 2025/05/07 17:19:53 openxpki.system.ERROR 
I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => cms -decrypt -inform 
PEM -inkey /etc/openxpki/local/keys/vault-1.pem -recip 
/var/tmp/openxpki1616884y1wOp_Dh -in /var/tmp/openxpki1616884mr7I581f -out 
/var/tmp/openxpki1616884Eohu2ecA -passin env:pwd, __EXIT_STATUS__ => 1024 
[pid=1616884|sid=f138|rid=557338c618a0|pki_realm=snowball]
2025/05/07 17:19:53 openxpki.system.ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; 
__COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_decrypt, 
__ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => cms 
-decrypt -inform PEM -inkey /etc/openxpki/local/keys/vault-1.pem -recip 
/var/tmp/openxpki1616884y1wOp_Dh -in /var/tmp/openxpki1616884mr7I581f -out 
/var/tmp/openxpki1616884Eohu2ecA -passin env:pwd, __EXIT_STATUS__ => 1024 
[pid=1616884|sid=f138|rid=557338c618a0|pki_realm=snowball]
root@pki:~/certifpki#'

I can't understand what's the role of the pwd env variable inso far as in my 
crypto.yaml files I used the default password 'root' at initial. Also I tried 
to set de pwd env variable at 'root' manually but always got the error 
mentioned. I checked that the .pem key I put on the right place is well 
associated with my crt file vault-1.crt that I imported , which is the case. 
Hence I don't understand what did I missed .

Perhaps could you please help me out ?

Regards,
Axel Biegalski
Cybersecurity Engineer

_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Reply via email to