Hi Oliver,

Your suggestion of replacing the secret with 64 chars seems to correct the issue, but I ran into another problem, where the workflow execution fails and keeps retrying. See the LOGs below:

openxpki@0f29cbd7bca9:/var/log$ tail -f openxpki-server/workflows.log
2025/08/14 01:34:37 511 NICE issueCertificate failed but pause_on_error is requested
2025/08/14 01:34:37 511 Action 'global_nice_issue_certificate' paused (I18N_OPENXPKI_UI_NICE_BACKEND_ERROR), wakeup 2025-08-13T17:41:09
2025/08/14 01:41:13 511 start cert issue for serial 255, workflow 511
2025/08/14 01:41:13 511 NICE backend error: Could not find token alias by group; __group__ => ca-signer, __noafter__ => 1786642873, __notbefore__ => 1755106873, __pki_realm__ => democa
2025/08/14 01:41:13 511 NICE issueCertificate failed but pause_on_error is requested
2025/08/14 01:41:13 511 Action 'global_nice_issue_certificate' paused (I18N_OPENXPKI_UI_NICE_BACKEND_ERROR), wakeup 2025-08-13T17:46:54
2025/08/14 01:46:59 511 start cert issue for serial 255, workflow 511
2025/08/14 01:46:59 511 NICE backend error: Could not find token alias by group; __group__ => ca-signer, __noafter__ => 1786643219, __notbefore__ => 1755107219, __pki_realm__ => democa
2025/08/14 01:46:59 511 NICE issueCertificate failed but pause_on_error is requested
2025/08/14 01:46:59 511 Action 'global_nice_issue_certificate' paused (I18N_OPENXPKI_UI_NICE_BACKEND_ERROR), wakeup 2025-08-13T17:50:49

openxpki@0f29cbd7bca9:/var/log$ tail -f openxpki-server/openxpki.log
"OpenXPKI::Crypto::API" requires that the reference isa OpenXPKI::Crypto::API The reference (in $_[1]) isa Moose::Object and OpenXPKI::Crypto::Token::Vault [pid=1138|sid=Wbeh]
2025/08/14 01:28:31 ERROR Could not find token alias by group; __group__ => ca-signer, __noafter__ => 1786642111, __notbefore__ => 1755106111, __pki_realm__ => democa [pid=1887|sid=Wbeh]
2025/08/14 01:31:37 ERROR Could not find token alias by group; __group__ => ca-signer, __noafter__ => 1786642297, __notbefore__ => 1755106297, __pki_realm__ => democa [pid=2132|sid=Mzrd]
2025/08/14 01:34:37 ERROR Could not find token alias by group; __group__ => ca-signer, __noafter__ => 1786642477, __notbefore__ => 1755106477, __pki_realm__ => democa [pid=2374|sid=Mzrd]
2025/08/14 01:41:13 ERROR Could not find token alias by group; __group__ => ca-signer, __noafter__ => 1786642873, __notbefore__ => 1755106873, __pki_realm__ => democa [pid=2904|sid=Mzrd]
2025/08/14 01:46:59 ERROR Could not find token alias by group; __group__ => ca-signer, __noafter__ => 1786643219, __notbefore__ => 1755107219, __pki_realm__ => democa [pid=3360|sid=Mzrd]
2025/08/14 01:50:50 ERROR Could not find token alias by group; __group__ => ca-signer, __noafter__ => 1786643450, __notbefore__ => 1755107450, __pki_realm__ => democa [pid=3677|sid=Mzrd]
2025/08/14 01:54:41 ERROR Could not find token alias by group; __group__ => ca-signer, __noafter__ => 1786643681, __notbefore__ => 1755107681, __pki_realm__ => democa [pid=3981|sid=Mzrd]

Also, do you know why the "make sample-config" fails, as described in my first email?

Thanks,
Ed

From: Oliver Welter <m...@oliwel.de>
Sent: Wednesday, August 13, 2025 9:21 AM
To: openxpki-users@lists.sourceforge.net
Subject: Re: [OpenXPKI-users] Error while installing OpenXPKI (Community Edition v3.32.0), and testing the WebUI (with user alice)

Hello Ed,

the WebUI session issue is described in the README of the docker repo.

Regarding the Vault token - the problem is the provided secret in the example config, the string in system/crypto.yaml must be 64 characters long, I accidentally missed one character in the repo :(

Oliver

On 12.08.25 22:16, Jean-Baptiste, Edwige via OpenXPKI-users wrote:

Hi,

I encountered a few issues while installing the latest OpenXPKI (Community Edition v3.32.0); I followed the instructions step by step.
See below for the problem descriptions. This is a fresh install (not an upgrade); I had to upgrade Docker and Docker-compose on the system before I started the install.

1. At first I couldn't connect to the WebUI due to the error below from the page:

"The webserver did not return the expected data. Possible causes: OpenXPKI client is not running; authentication session has expired; an internal error. HTTP code: 500"

I was able to get further by modifying the WebUI file with a different DB user/password: "openxpki-config/client.d/service/webui/default.yaml"

I replaced this:
User: openxpki_session
Password: mysecret

With this:
User: openxpki
Password: openxpki

2. After resolving the issue above, I was able to access the WebUI and log in as "alice", but in the process of generating the RSA Key, I got this error:

"This workflow was interrupted by an unexpected event, it will not continue without a manual interaction. Please contact the support team!
Last Update 2025-08-12 19:04:15 UTC
Failed Action global_store_pkey_in_datapool"

WEBUI.log indicates the following:

openxpkiclient@cf7bea636378:/var/log$ tail -f openxpki-client/webui.log
2025/08/12 19:00:35 INF Run 'csr_edit_cert_info' on workflow #255 [rid=5I_OocalVhrM|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]
2025/08/12 19:01:55 INF Incoming request: action 'workflow!select!wf_action!csr_submit!wf_id!255' [rid=KpH5p9Kn9fW-|role=User|sid=1ac9|ssid=t5sz|ep=default|pid=9|name=alice]
2025/08/12 19:01:55 INF Handle action 'workflow!select!wf_action!csr_submit!wf_id!255' [rid=KpH5p9Kn9fW-|role=User|sid=1ac9|ssid=t5sz|ep=default|pid=9|name=alice]
2025/08/12 19:04:13 INF Incoming request: action 'workflow' [rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|pid=9|name=alice]
2025/08/12 19:04:13 INF Handle action 'workflow' [rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|pid=9|name=alice]
2025/08/12 19:04:13 INF Run 'csr_retype_server_password' on workflow #255 [rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]
2025/08/12 19:04:15 ERR Command 'execute_workflow_activity' failed (ERROR) [rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]
2025/08/12 19:04:15 ERR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE [rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]
2025/08/12 19:04:15 ERR workflow acton failed! [rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]
2025/08/12 19:04:15 INF Handle page 'workflow!load' [rid=uaGFcJVcOdvR|role=User|sid=1ac9|ssid=t5sz|ep=default|wfid=255|pid=9|name=alice]

OPENXPKI-SERVER LOGs:

openxpki@087f53771df1:/var/log$ tail -f openxpki-server/openxpki.log
2025/08/13 02:54:08 INFO Login successful (user: alice, role: User) [pid=7776|sid=t5sz]
2025/08/13 03:04:15 ERROR Vault requires a 256 bit length secret value encoded in 64 uppercase hex characters - is 6F70656E78706B6969736D796661766F72697465747275737463656E746572 [pid=8579|sid=t5sz]
2025/08/13 03:04:15 ERROR Workflow 255/certificate_signing_request_v2/KEY_GENERATED_CSR_GENERATE_PKCS10_0 uncaught exception [pid=8579|sid=t5sz]
2025/08/13 03:04:15 ERROR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => global_store_pkey_in_datapool, __ERROR__ => Vault requires a 256 bit length secret value encoded in 64 uppercase hex characters - is 6F70656E78706B6969736D796661766F72697465747275737463656E746572, __EXCEPTION__ => Workflow::Exception [pid=8579|sid=t5sz]
2025/08/13 03:04:15 ERROR Error executing workflow activity "csr_retype_server_password" on workflow id #255 (type "certificate_signing_request_v2"): I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => global_store_pkey_in_datapool, __ERROR__ => Vault requires a 256 bit length secret value encoded in 64 uppercase hex characters - is 6F70656E78706B6969736D796661766F72697465747275737463656E746572, __EXCEPTION__ => Workflow::Exception [pid=8579|sid=t5sz]

WORKFLOWS LOGs:

openxpki@087f53771df1:/var/log$ cat openxpki-server/workflows.log
2025/08/13 03:00:36 255 Rendering subject: CN=lai.wenglang:ocsp,DC=Test Deployment,DC=OpenXPKI,DC=org
openxpki@087f53771df1:/var/log$

CATCHALL LOGs:

openxpki@087f53771df1:/var/log$ cat openxpki-server/catchall.log
2025/08/13 02:54:08 openxpki.auth.INFO Login successful (user: alice, role: User) [pid=7776|sid=t5sz]
2025/08/13 02:58:41 openxpki.application.INFO Purged 59 expired sessions [pid=22|sid=eLKt]
2025/08/13 03:00:36 openxpki.application.INFO Rendering subject: CN=lai.wenglang:ocsp,DC=Test Deployment,DC=OpenXPKI,DC=org [pid=8286|sid=t5sz]
2025/08/13 03:03:46 openxpki.application.INFO Purged 58 expired sessions [pid=22|sid=eLKt]
2025/08/13 03:04:13 openxpki.audit.key.INFO generating private keyHASH(0x55de7a4a17a0) [pid=8579|sid=t5sz]
2025/08/13 03:04:14 openxpki.audit.key.INFO generating private keyHASH(0x55de7a64e558) [pid=8579|sid=t5sz]
2025/08/13 03:04:15 openxpki.system.ERROR Vault requires a 256 bit length secret value encoded in 64 uppercase hex characters - is 6F70656E78706B6969736D796661766F72697465747275737463656E746572 [pid=8579|sid=t5sz]
2025/08/13 03:04:15 OpenXPKI.Server.Workflow.Activity.Tools.Datapool.SetEntry.ERROR workflow_error exception thrown from [OpenXPKI::Server::Workflow::Activity::Tools::Datapool::SetEntry: 72; before: Workflow: 123]: Vault requires a 256 bit length secret value encoded in 64 uppercase hex characters - is 6F70656E78706B6969736D796661766F72697465747275737463656E746572 [pid=8579|sid=t5sz]
2025/08/13 03:04:15 OpenXPKI.Server.Workflow.ERROR Caught exception from action: Vault requires a 256 bit length secret value encoded in 64 uppercase hex characters - is 6F70656E78706B6969736D796661766F72697465747275737463656E746572; reset workflow to old state 'KEY_GENERATED_CSR_GENERATE_PKCS10_0' [pid=8579|sid=t5sz]
2025/08/13 03:04:15 openxpki.workflow.ERROR Workflow 255/certificate_signing_request_v2/KEY_GENERATED_CSR_GENERATE_PKCS10_0 uncaught exception [pid=8579|sid=t5sz]
2025/08/13 03:04:15 openxpki.system.ERROR I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => global_store_pkey_in_datapool, __ERROR__ => Vault requires a 256 bit length secret value encoded in 64 uppercase hex characters - is 6F70656E78706B6969736D796661766F72697465747275737463656E746572, __EXCEPTION__ => Workflow::Exception [pid=8579|sid=t5sz]
2025/08/13 03:04:15 openxpki.workflow.ERROR Error executing workflow activity "csr_retype_server_password" on workflow id #255 (type "certificate_signing_request_v2"): I18N_OPENXPKI_SERVER_WORKFLOW_ERROR_ON_EXECUTE; __ACTION__ => global_store_pkey_in_datapool, __ERROR__ => Vault requires a 256 bit length secret value encoded in 64 uppercase hex characters - is 6F70656E78706B6969736D796661766F72697465747275737463656E746572, __EXCEPTION__ => Workflow::Exception [pid=8579|sid=t5sz]
2025/08/13 03:08:47 openxpki.application.INFO Purged 63 expired sessions [pid=22|sid=eLKt]
2025/08/13 03:13:52 openxpki.application.INFO Purged 59 expired sessions [pid=22|sid=eLKt]

3. Sample-Config also fails, but I ran it multiple times, could that be a problem?

[root@autosmoke openxpki-docker]# make sample-config
docker compose exec -u root -it server /etc/openxpki/contrib/sampleconfig.sh
Fully automated sample setup using tmpdir /tmp/tmp.ckpVoJuApQ
creating configuration for openssl () .. done.
Creating certificates ..
Did not find a root ca certificate file.
Creating an own self signed root ca .. done.
Did not find existing issuing CA key file.
Creating an issuing CA request .. done.
Signing issuing certificate with own root CA .. done.
Did not find existing DataVault certificate file.
Creating a self signed DataVault certificate .. done.
Did not find existing SCEP certificate file.
Creating a SCEP request .. done.
Signing SCEP certificate with Issuing CA .. done.
Did not find existing WEB certificate file.
Creating a Web request .. done.
Signing Web certificate with Issuing CA .. done.
Successfully wrote alias:
Alias : ca-signer-7
Identifier: TXaycrvaO3p0grmq2gGIHUHlT7A
NotBefore : 2025-08-12 20:02:32
NotAfter : 2035-08-15 20:02:32
Token is certsign, looking for root...
Creating alias for root ca:
Alias : root-7
Identifier: TXaycrvaO3p0grmq2gGIHUHlT7A
NotBefore : 2025-08-12 20:02:32
NotAfter : 2035-08-15 20:02:32
make: *** [sample-config] Error 1

Could you help me figure this out?

Thanks,
Ed

_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

--
Protect your environment - close windows and adopt a penguin!
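
The format rule from the server log above (a 256 bit Vault secret written as 64 uppercase hex characters), as an added example that is not part of the thread or of OpenXPKI: a shell check that says why a candidate value is rejected, plus a generator for a random replacement. The function names are hypothetical and /dev/urandom is assumed to be available; the value checked is the one printed in the log, which decodes to a readable ASCII phrase and is publicly known, so a deployment should use a freshly generated value in system/crypto.yaml.

```shell
#!/bin/sh
# Added example: check and generate a secret in the format the Vault token
# demands in the log ("64 uppercase hex characters" = 256 bits).

# Force byte-wise character ranges so [a-f] never matches uppercase letters.
LC_ALL=C; export LC_ALL

# Print a diagnosis for a candidate secret; return 0 only if it is acceptable.
check_vault_secret() {
    secret=$1
    len=${#secret}
    case $secret in
        *[!0-9A-Fa-f]*) echo "invalid: non-hex character present"; return 1 ;;
    esac
    if [ "$len" -ne 64 ]; then
        echo "invalid: $len hex characters ($((len * 4)) bits), need 64 (256 bits)"
        return 1
    fi
    case $secret in
        *[a-f]*) echo "invalid: lowercase hex, must be uppercase"; return 1 ;;
    esac
    echo "ok"
}

# Produce a fresh 256-bit value from the kernel CSPRNG as 64 uppercase hex chars.
new_vault_secret() {
    od -An -tx1 -N32 /dev/urandom | tr -d ' \n' | tr 'a-f' 'A-F'
}

# The value the server rejected, copied from the log on this page.
LOGGED=6F70656E78706B6969736D796661766F72697465747275737463656E746572

# Demonstration: diagnose the logged value, then validate a generated one.
check_vault_secret "$LOGGED" || :
check_vault_secret "$(new_vault_secret)"
```
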