Re: [OpenXPKI-users] Need help with initial setup

2022-04-26 Thread Oliver Welter
Hi Robert,

thank you for bringing this up, I have reworked the WebUI part and added
a section:
https://openxpki.readthedocs.io/en/latest/quickstart.html#adding-the-webclient

I hope this will help others find the right solution.

Oliver

On 20.04.22 at 10:18, von Könemann wrote:
> Hi Oliver, thank you for your reply.
>
> Indeed, apache errorlog shows a connection error to the DB on
> localhost. Why is there more than one place I have to define my
> database in? The quick start guide doesn’t reflect that.
> The database is on another host. I assume I have to change the
> settings in webui/default.conf [session_driver].
>
> I modified DataSource to include my sql host and NameSpace to be the
> name of my database and I now get a login screen.
>
> Thanks a lot for your help. Would have taken much longer without you!
> Cheers
> Robert
>
> 
> *From: *"Oliver Welter"
> *To: *"OpenXPKI-users"
> *Sent: *Tuesday, 19 April 2022 10:53:26
> *Subject: *Re: [OpenXPKI-users] Need help with initial setup
>
> Hi Robert,
>
> This looks like your client side crashes - did you change the database
> connection information in webui/default.conf ?
>
> Please have a look at /var/log/openxpki/webui.log and the apache error
> log.
>
> Oliver
>
> On 19.04.22 at 10:23, von Könemann wrote:
>
> Thanks for your help, Oliver
>
> I threw away the database, db-user and the config to make sure of 
> a clean start.
> I hope this sheds some light on the error.
>
> These were my steps:
>
> - make sure locale en_US is available
> - reinstall packages according to quickstart docs
> - setup mysql database in utf8-scheme with a password
> - clone community config repo, branch it for our use
> - set db-params in database.yaml
> - start openxpki with debug flag 128
> - run sampleconfig.sh
>
> The error-banner stays consistent in the message it shows:
>   "The server did not return the expected data.
> Maybe your authentication session has expired or there is an
> internal error.
> HTTP code: 500"
>
> I'll paste stderr.log (omitting the traces).
> Would you like to see the full logs?
>
> ```
> Debugging module 'OpenXPKI::Service' with bitmask .
> Process Backgrounded
> 2022/04/19-07:58:40 OpenXPKI::Server (type Net::Server::Fork ->
> MultiType -> Net::Server::Fork) starting! pid(8124)
> Binding to UNIX socket file "/var/openxpki/openxpki.socket"
> Group Not Defined.  Defaulting to EGID '0 0'
> User Not Defined.  Defaulting to EUID '0'
> Setting gid to "114"
> Setting uid to "107"
> Use of uninitialized value $communication_state in concatenation
> (.) or string at (eval 3157) line 1,  line 1.
> 2022-04-19 07:58:40.593759 DEBUG:2 PID:8125
> OpenXPKI::Service::collect (line 86): communication state:
> 2022-04-19 07:58:40.594130 DEBUG:32 PID:8125 (eval) (line 98):
> setting signal handler ALRM
> 2022-04-19 07:58:40.594616 DEBUG:32 PID:8125 (eval) (line 100):
> scheduling SIGALRM in 120 seconds
> 2022-04-19 07:58:40.594955 DEBUG:2 PID:8125 (eval) (line 102):
> reading data from OpenXPKI::Transport::Simple
> 2022-04-19 07:58:40.595416 DEBUG:128 PID:8125
> OpenXPKI::Service::collect (line 122): collect: $VAR1 = {
>   'SERVICE_MSG' => 'PING',
>   'PARAMS' => undef
>     };
>
> 2022-04-19 07:58:40.595955 DEBUG:128 PID:8125
> OpenXPKI::Service::talk (line 48): talk: $VAR1 = {
>   'SERVICE_MSG' => 'START_SESSION'
>     };
>
> 2022-04-19 07:58:40.602011 DEBUG:2 PID:8125
> OpenXPKI::Service::collect (line 86): communication state: can_receive
> 2022-04-19 07:58:40.602311 DEBUG:32 PID:8125 (eval) (line 98):
> setting signal handler ALRM
> 2022-04-19 07:58:40.602645 DEBUG:32 PID:8125 (eval) (line 100):
> scheduling SIGALRM in 120 seconds
> 2022-04-19 07:58:40.602945 DEBUG:2 PID:8125 (eval) (line 102):
> reading data from OpenXPKI::Transport::Simple
> 2022-04-19 07:58:40.642905 DEBUG:1 PID:8125
> OpenXPKI::Service::collect (line 110): ERROR: $VAR1 = bless( {
>  'message' =>
> 'I18N_OPENXPKI_TRANSPORT_SIMPLE_CLIENT_READ_CLOSED_CONNECTION',
>  'time' => 1650355120,
>
> a lot of lines omitted
>
> ```
>
>
> Thanks
> Robert
> 
> *From: *"Oliver Welter"
> *To: *"OpenXPKI-users"
> *Sent: *Sunday, 17 April 2022 10:03:48
> *Subject: *Re: [OpenXPKI-users] Need help with initial setup
>
> Hi,
>
> this sounds really weird.
>
> First: The database must be created and connected before you run
> the sample config script as this imports several items into the db.
>
> Things to check:
> - locale en_US installed
> - database drivers installed
>  

Re: [OpenXPKI-users] How to Configure YubiHSM in CLCA

2022-04-26 Thread Martin Bartosch via OpenXPKI-users
Hi,

> The CLCA documentation https://github.com/openxpki/clca specifies to use the 
> nCipher & Gemalto HSM as follows.
> 
> # Define crypto engine to use. Supported values are
> # openssl   - OpenSSL software only (private keys stored on disk)
> # chil  - nCipher hardware
> # gem   - Gemalto Safenet Luna SA hardware
> 
> How can we configure the CLCA to use YubiHSM?

- determine how the YubiHSM can be used with OpenSSL
- identify the correct engine to use (likely pkcs11 with the YubiHSM2)
- identify the correct key reference to use via PKCS#11 

Craft a proper openssl.cnf file for your setup.
Set ENGINE to the correct engine
Set ROOTKEYNAME to the correct key identifier

> Furthermore, there is no detailed documentation available for the 
> configuration of CLCA from scratch. Kindly share, please.

The Open Source version of clca is documented in a way that allows skilled IT 
Security professionals to make proper use of the tool in the current form. 
Should you desire a more polished product, detailed user documentation or 
should you need assistance in setting up a proper offline CA environment with 
clca I suggest getting in touch with White Rabbit Security for the clca 
Enterprise Edition.

Cheers

Martin
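
The steps listed in the reply above, sketched as an added example that is not part of the original message and not clca's own code: it writes an openssl.cnf engine stanza for the pkcs11 engine and sanity-checks the key reference intended for ROOTKEYNAME. It assumes ENGINE is set to pkcs11 and that the key reference is an RFC 7512 URI; the file paths, token label and key id are constructed placeholders.

```shell
#!/bin/sh
# Added example. Paths, token label and key id below are constructed values.

# Write an openssl.cnf engine stanza for the pkcs11 engine.
# $1 = output file, $2 = engine shared object, $3 = vendor PKCS#11 module
write_engine_conf() {
    cat > "$1" <<EOF
openssl_conf = openssl_init

[openssl_init]
engines = engine_section

[engine_section]
pkcs11 = pkcs11_section

[pkcs11_section]
engine_id = pkcs11
dynamic_path = $2
MODULE_PATH = $3
init = 0
EOF
}

# Return 0 only if $1 is an RFC 7512 pkcs11: URI that names a private key
# by id= or object= and does not embed the PIN in the stored reference.
check_key_ref() {
    case "$1" in
        pkcs11:*) ;;
        *) echo "not a pkcs11: URI" >&2; return 1 ;;
    esac
    attrs=";${1#pkcs11:}"
    case "$attrs" in
        *"pin-value="*) echo "PIN embedded in key reference" >&2; return 1 ;;
        *";type=public"*|*";type=cert"*)
            echo "reference is not a private key" >&2; return 1 ;;
        *";id="?*|*";object="?*) return 0 ;;
    esac
    echo "no id= or object= attribute" >&2
    return 1
}

# Constructed sample reference, as it might be assigned to ROOTKEYNAME.
check_key_ref 'pkcs11:token=YubiHSM;id=%00%01;type=private' && echo "key reference ok"
```

Rejecting `pin-value` keeps the HSM credential out of a configuration file that is read on every signing run; the PIN is then supplied interactively or through a protected source.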


