Re: [OpenXPKI-users] Error while installing OpenXPKI (Community Edition v3.32.0), and testing the WebUI (with user alice)

[Oliver Welter]

Hello Ed,

the WebUI session issue is described in the README of the docker repo.
Regarding the Vault token - the problem is the provided secret in the 
example config, the string in system/crypto.yaml must be 64 characters 
long, I accidentially missed one character in the repo :(

Oliver

On 12.08.25 22:16, Jean-Baptiste, Edwige via OpenXPKI-users wrote:

Hi,

    I encounter few issues while installing the latest OpenXPKI 
(Community Edition v3.32.0), I followed the instruction steps by 
steps. See below for the problem descriptions. This is a fresh install 
(not an upgrade), I had to upgrade Docker and Docker-compose on the 
system before I started the install.

 1. At first I couldn’t connect to the WebUI due to the error below
    from the page:

“The webserver did not return the expected data.
Possible causes: OpenXPKI client is not running; authentication 
session has expired; an internal error.
HTTP code: 500”

I was able to get further by modifying the the WebUI file with the a 
different DB user/password: 
“openxpki-config/client.d/service/webui/default.yaml”

I replaced this:

    User: openxpki_session

    Password: mysecret

With this:

User: openxpki

Password: openxpki

 2. After resolving the issue above, I was able to access the WebUI,
    and log in as “alice”, but in the process of generating the RSA
    Key, I got this error:

“This workflow was interrupted by an unexpected event, it will not 
continue without a manual interaction. Please contact the support team!

*Last Update*

2025-08-12 19:04:15 UTC

*Failed Action*

global_store_pkey_in_datapool”

WEBUI.log indicates the following:

openxpkiclient@cf7bea636378:/var/log$ tail -f openxpki-client/webui.log

2025/08/12 19:00:35 INF Run 'csr_edit_cert_info' on workflow #255 
[rid=5I_OocalVhrM|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]

2025/08/12 19:01:55 INF Incoming request: action 
'workflow!select!wf_action!csr_submit!wf_id!255' 
[rid=KpH5p9Kn9fW-|role=User|sid=1ac9|ssid=t5sz|ep=default|pid=9|name=alice]

2025/08/12 19:01:55 INF Handle action 
'workflow!select!wf_action!csr_submit!wf_id!255' 
[rid=KpH5p9Kn9fW-|role=User|sid=1ac9|ssid=t5sz|ep=default|pid=9|name=alice]

2025/08/12 19:04:13 INF Incoming request: action 'workflow' 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|pid=9|name=alice]

2025/08/12 19:04:13 INF Handle action 'workflow' 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|pid=9|name=alice]

2025/08/12 19:04:13 INF Run 'csr_retype_server_password' on workflow 
#255 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]

2025/08/12 19:04:15 ERR Command 'execute_workflow_activity' failed 
(ERROR) 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]

2025/08/12 19:04:15 ERR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]

2025/08/12 19:04:15 ERR workflow acton failed! 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]

2025/08/12 19:04:15 INF Handle page 'workflow!load' 
[rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]

OPENXPKI-SERVER LOGs:

openxpki@087f53771df1:/var/log$ tail -f openxpki-server/openxpki.log

2025/08/13 02:54:08 INFO Login successful (user: alice, role: User) 
[pid=7776|sid=t5sz]

2025/08/13 03:04:15 ERROR Vault requires a 256 bit length secret value 
encoded in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572 
[pid=8579|sid=t5sz]

2025/08/13 03:04:15 ERROR Workflow 
255/certificate_signing_request_v2/KEY_GENERATED_CSR_GENERATE_PKCS10_0 
uncaught exception [pid=8579|sid=t5sz]

2025/08/13 03:04:15 ERROR 
I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => 
global_store_pkey_in_datapool, __ERROR__ => Vault requires a 256 bit 
length secret value encoded in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572, 
__EXCEPTION__ => Workflow::Exception [pid=8579|sid=t5sz]

2025/08/13 03:04:15 ERROR Error executing workflow activity 
"csr_retype_server_password" on workflow id #255 (type 
"certificate_signing_request_v2"): 
I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => 
global_store_pkey_in_datapool, __ERROR__ => Vault requires a 256 bit 
length secret value encoded in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572, 
__EXCEPTION__ => Workflow::Exception [pid=8579|sid=t5sz]

WORKFLOWS LOGs:

openxpki@087f53771df1:/var/log$ cat openxpki-server/workflows.log

2025/08/13 03:00:36 255 Rendering subject: 
CN=lai.wenglang:ocsp,DC=Test Deployment,DC=OpenXPKI,DC=org

openxpki@087f53771df1:/var/log$

CATCHALL LOGs:

openxpki@087f53771df1:/var/log$ cat openxpki-server/catchall.log

2025/08/13 02:54:08 openxpki.auth.INFO Login successful (user: alice, 
role: User) [pid=7776|sid=t5sz]

2025/08/13 02:58:41 openxpki.application.INFO Purged 59 expired 
sessions [pid=22|sid=eLKt]

2025/08/13 03:00:36 openxpki.application.INFO Rendering subject: 
CN=lai.wenglang:ocsp,DC=Test Deployment,DC=OpenXPKI,DC=org 
[pid=8286|sid=t5sz]

2025/08/13 03:03:46 openxpki.application.INFO Purged 58 expired 
sessions [pid=22|sid=eLKt]

2025/08/13 03:04:13 openxpki.audit.key.INFO generating private 
keyHASH(0x55de7a4a17a0) [pid=8579|sid=t5sz]

2025/08/13 03:04:14 openxpki.audit.key.INFO generating private 
keyHASH(0x55de7a64e558) [pid=8579|sid=t5sz]

2025/08/13 03:04:15 openxpki.system.ERROR Vault requires a 256 bit 
length secret value encoded in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572 
[pid=8579|sid=t5sz]

2025/08/13 03:04:15 
OpenXPKI.Server.Workflow.Activity.Tools.Datapool.SetEntry.ERROR 
workflow_error exception thrown from 
[OpenXPKI::Server::Workflow::Activity::Tools::Datapool::SetEntry: 72; 
before: Workflow: 123]: Vault requires a 256 bit length secret value 
encoded in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572 
[pid=8579|sid=t5sz]

2025/08/13 03:04:15 OpenXPKI.Server.Workflow.ERROR Caught exception 
from action: Vault requires a 256 bit length secret value encoded in 
64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572; reset 
workflow to old state 'KEY_GENERATED_CSR_GENERATE_PKCS10_0' 
[pid=8579|sid=t5sz]

2025/08/13 03:04:15 openxpki.workflow.ERROR Workflow 
255/certificate_signing_request_v2/KEY_GENERATED_CSR_GENERATE_PKCS10_0 
uncaught exception [pid=8579|sid=t5sz]

2025/08/13 03:04:15 openxpki.system.ERROR 
I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => 
global_store_pkey_in_datapool, __ERROR__ => Vault requires a 256 bit 
length secret value encoded in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572, 
__EXCEPTION__ => Workflow::Exception [pid=8579|sid=t5sz]

2025/08/13 03:04:15 openxpki.workflow.ERROR Error executing workflow 
activity "csr_retype_server_password" on workflow id #255 (type 
"certificate_signing_request_v2"): 
I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => 
global_store_pkey_in_datapool, __ERROR__ => Vault requires a 256 bit 
length secret value encoded in 64 uppercase hex characters - is 
6F70656E78706B6969736D796661766F72697465747275737463656E746572, 
__EXCEPTION__ => Workflow::Exception [pid=8579|sid=t5sz]

2025/08/13 03:08:47 openxpki.application.INFO Purged 63 expired 
sessions [pid=22|sid=eLKt]

2025/08/13 03:13:52 openxpki.application.INFO Purged 59 expired 
sessions [pid=22|sid=eLKt]

 3. Sample-Config also fails, but I ran it multiple times, could that
    be a problem?

[root@autosmoke openxpki-docker]# make sample-config

docker compose exec -u root  -it server 
/etc/openxpki/contrib/sampleconfig.sh

Fully automated sample setup using tmpdir /tmp/tmp.ckpVoJuApQ

creating configuration for openssl () .. done.

Creating certificates ..

Did not find a root ca certificate file.

Creating an own self signed root ca .. done.

Did not find existing issuing CA key file.

Creating an issuing CA request .. done.

Signing issuing certificate with own root CA .. done.

Did not find existing DataVault certificate file.

Creating a self signed DataVault certificate .. done.

Did not find existing SCEP certificate file.

Creating a SCEP request .. done.

Signing SCEP certificate with Issuing CA .. done.

Did not find existing WEB certificate file.

Creating a Web request .. done.

Signing Web certificate with Issuing CA .. done.

Successfully wrote alias:

  Alias     : ca-signer-7

  Identifier: TXaycrvaO3p0grmq2gGIHUHlT7A

  NotBefore : 2025-08-12 20:02:32

  NotAfter  : 2035-08-15 20:02:32

Token is certsign, looking for root...

Creating alias for root ca:

  Alias     : root-7

  Identifier: TXaycrvaO3p0grmq2gGIHUHlT7A

  NotBefore : 2025-08-12 20:02:32

  NotAfter  : 2035-08-15 20:02:32

make: *** [sample-config] Error 1

Could you help me figure this out?

Thanks,

Ed



_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users


--
Protect your environment -  close windows and adopt a penguin!
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users