[OpenXPKI-users] Error while installing OpenXPKI (Community Edition v3.32.0), and testing the WebUI (with user alice)

Jean-Baptiste, Edwige via OpenXPKI-users Tue, 12 Aug 2025 13:33:00 -0700

Hi,
    I encounter few issues while installing the latest OpenXPKI (Community 
Edition v3.32.0), I followed the instruction steps by steps. See below for the 
problem descriptions. This is a fresh install (not an upgrade), I had to 
upgrade Docker and Docker-compose on the system before I started the install.



  1.  At first I couldn't connect to the WebUI due to the error below from the 
page:

"The webserver did not return the expected data.
Possible causes: OpenXPKI client is not running; authentication session has 
expired; an internal error.
HTTP code: 500"



I was able to get further by modifying the the WebUI file with the a different 
DB user/password: "openxpki-config/client.d/service/webui/default.yaml"



I replaced this:

    User: openxpki_session

    Password: mysecret



With this:

User: openxpki

Password: openxpki



  1.  After resolving the issue above, I was able to access the WebUI, and log 
in as "alice", but in the process of generating the RSA Key, I got this error:

"This workflow was interrupted by an unexpected event, it will not continue 
without a manual interaction. Please contact the support team!
Last Update
2025-08-12 19:04:15 UTC
Failed Action
global_store_pkey_in_datapool"

WEBUI.log indicates the following:

openxpkiclient@cf7bea636378:/var/log$ tail -f openxpki-client/webui.log
2025/08/12 19:00:35 INF Run 'csr_edit_cert_info' on workflow #255 
[rid=5I_OocalVhrM|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]
2025/08/12 19:01:55 INF Incoming request: action 
'workflow!select!wf_action!csr_submit!wf_id!255' 
[rid=KpH5p9Kn9fW-|role=User|sid=1ac9|ssid=t5sz|ep=default|pid=9|name=alice]
2025/08/12 19:01:55 INF Handle action 
'workflow!select!wf_action!csr_submit!wf_id!255' 
[rid=KpH5p9Kn9fW-|role=User|sid=1ac9|ssid=t5sz|ep=default|pid=9|name=alice]
2025/08/12 19:04:13 INF Incoming request: action 'workflow' 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|pid=9|name=alice]
2025/08/12 19:04:13 INF Handle action 'workflow' 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|pid=9|name=alice]
2025/08/12 19:04:13 INF Run 'csr_retype_server_password' on workflow #255 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]
2025/08/12 19:04:15 ERR Command 'execute_workflow_activity' failed (ERROR) 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]
2025/08/12 19:04:15 ERR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]
2025/08/12 19:04:15 ERR workflow acton failed! 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]
2025/08/12 19:04:15 INF Handle page 'workflow!load' 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]



OPENXPKI-SERVER LOGs:

openxpki@087f53771df1:/var/log$ tail -f openxpki-server/openxpki.log
2025/08/13 02:54:08 INFO Login successful (user: alice, role: User) 
[pid=7776|sid=t5sz]
2025/08/13 03:04:15 ERROR Vault requires a 256 bit length secret value encoded 
in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572 
[pid=8579|sid=t5sz]
2025/08/13 03:04:15 ERROR Workflow 
255/certificate_signing_request_v2/KEY_GENERATED_CSR_GENERATE_PKCS10_0 uncaught 
exception [pid=8579|sid=t5sz]
2025/08/13 03:04:15 ERROR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; 
__ACTION__ => global_store_pkey_in_datapool, __ERROR__ => Vault requires a 256 
bit length secret value encoded in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572, __EXCEPTION__ 
=> Workflow::Exception [pid=8579|sid=t5sz]
2025/08/13 03:04:15 ERROR Error executing workflow activity 
"csr_retype_server_password" on workflow id #255 (type 
"certificate_signing_request_v2"): 
I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => 
global_store_pkey_in_datapool, __ERROR__ => Vault requires a 256 bit length 
secret value encoded in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572, __EXCEPTION__ 
=> Workflow::Exception [pid=8579|sid=t5sz]


WORKFLOWS LOGs:

openxpki@087f53771df1:/var/log$ cat openxpki-server/workflows.log
2025/08/13 03:00:36 255 Rendering subject: CN=lai.wenglang:ocsp,DC=Test 
Deployment,DC=OpenXPKI,DC=org
openxpki@087f53771df1:/var/log$

CATCHALL LOGs:

openxpki@087f53771df1:/var/log$ cat openxpki-server/catchall.log
2025/08/13 02:54:08 openxpki.auth.INFO Login successful (user: alice, role: 
User) [pid=7776|sid=t5sz]
2025/08/13 02:58:41 openxpki.application.INFO Purged 59 expired sessions 
[pid=22|sid=eLKt]
2025/08/13 03:00:36 openxpki.application.INFO Rendering subject: 
CN=lai.wenglang:ocsp,DC=Test Deployment,DC=OpenXPKI,DC=org [pid=8286|sid=t5sz]
2025/08/13 03:03:46 openxpki.application.INFO Purged 58 expired sessions 
[pid=22|sid=eLKt]
2025/08/13 03:04:13 openxpki.audit.key.INFO generating private 
keyHASH(0x55de7a4a17a0) [pid=8579|sid=t5sz]
2025/08/13 03:04:14 openxpki.audit.key.INFO generating private 
keyHASH(0x55de7a64e558) [pid=8579|sid=t5sz]
2025/08/13 03:04:15 openxpki.system.ERROR Vault requires a 256 bit length 
secret value encoded in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572 
[pid=8579|sid=t5sz]
2025/08/13 03:04:15 
OpenXPKI.Server.Workflow.Activity.Tools.Datapool.SetEntry.ERROR workflow_error 
exception thrown from 
[OpenXPKI::Server::Workflow::Activity::Tools::Datapool::SetEntry: 72; before: 
Workflow: 123]: Vault requires a 256 bit length secret value encoded in 64 
uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572 
[pid=8579|sid=t5sz]
2025/08/13 03:04:15 OpenXPKI.Server.Workflow.ERROR Caught exception from 
action: Vault requires a 256 bit length secret value encoded in 64 uppercase 
hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572; reset workflow 
to old state 'KEY_GENERATED_CSR_GENERATE_PKCS10_0' [pid=8579|sid=t5sz]
2025/08/13 03:04:15 openxpki.workflow.ERROR Workflow 
255/certificate_signing_request_v2/KEY_GENERATED_CSR_GENERATE_PKCS10_0 uncaught 
exception [pid=8579|sid=t5sz]
2025/08/13 03:04:15 openxpki.system.ERROR 
I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => 
global_store_pkey_in_datapool, __ERROR__ => Vault requires a 256 bit length 
secret value encoded in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572, __EXCEPTION__ 
=> Workflow::Exception [pid=8579|sid=t5sz]
2025/08/13 03:04:15 openxpki.workflow.ERROR Error executing workflow activity 
"csr_retype_server_password" on workflow id #255 (type 
"certificate_signing_request_v2"): 
I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => 
global_store_pkey_in_datapool, __ERROR__ => Vault requires a 256 bit length 
secret value encoded in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572, __EXCEPTION__ 
=> Workflow::Exception [pid=8579|sid=t5sz]
2025/08/13 03:08:47 openxpki.application.INFO Purged 63 expired sessions 
[pid=22|sid=eLKt]
2025/08/13 03:13:52 openxpki.application.INFO Purged 59 expired sessions 
[pid=22|sid=eLKt]



  1.  Sample-Config also fails, but I ran it multiple times, could that be a 
problem?

[root@autosmoke openxpki-docker]# make sample-config
docker compose exec -u root  -it server /etc/openxpki/contrib/sampleconfig.sh
Fully automated sample setup using tmpdir /tmp/tmp.ckpVoJuApQ
creating configuration for openssl () .. done.
Creating certificates ..
Did not find a root ca certificate file.
Creating an own self signed root ca .. done.
Did not find existing issuing CA key file.
Creating an issuing CA request .. done.
Signing issuing certificate with own root CA .. done.
Did not find existing DataVault certificate file.
Creating a self signed DataVault certificate .. done.
Did not find existing SCEP certificate file.
Creating a SCEP request .. done.
Signing SCEP certificate with Issuing CA .. done.
Did not find existing WEB certificate file.
Creating a Web request .. done.
Signing Web certificate with Issuing CA .. done.
Successfully wrote alias:
  Alias     : ca-signer-7
  Identifier: TXaycrvaO3p0grmq2gGIHUHlT7A
  NotBefore : 2025-08-12 20:02:32
  NotAfter  : 2035-08-15 20:02:32


Token is certsign, looking for root...
Creating alias for root ca:
  Alias     : root-7
  Identifier: TXaycrvaO3p0grmq2gGIHUHlT7A
  NotBefore : 2025-08-12 20:02:32
  NotAfter  : 2035-08-15 20:02:32

make: *** [sample-config] Error 1



Could you help me figure this out?


Thanks,
Ed

_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

[OpenXPKI-users] Error while installing OpenXPKI (Community Edition v3.32.0), and testing the WebUI (with user alice)

Reply via email to