[OpenXPKI-users] The requested URL has no service assigned

[Mark Farrugia]

Hello,

I have encountered a new issue, that I am unable to find a meaningful
answer to.

I have enabled SSL and resolved my issues, and OpenXPKI and Apache service
are running now.  I am able to get to connect to port 443 now at the
following URL: https://certca.home.lan/openxpki/

I am redirected from that URL to:
https://certca.home.lan/openxpki/#/openxpki/welcome

In FireFox I see the "OpenXPKI is loading" animation with spinning arrows.

In the webui.log I am seeing the following entries:
2024/01/30 15:16:12 INF The requested URL has no service assigned.
[pid=25383|sid=ba2b]
2024/01/30 15:16:12 INF The requested URL has no service assigned.
[pid=25383|sid=69d1]

I came across two resources that were unhelpful:
https://sourceforge.net/p/openxpki/mailman/message/37874743/
https://github.com/openxpki/openxpki/issues/906

Could someone please let me know what I have done wrong?  Please advise if
you need additional information.

Thank you
Mark
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Re: [OpenXPKI-users] Web Virtual Host not Working

[Mark Farrugia]

Hello Martin,

Thank you for the quick response, it is very appreciated.

That mod you mentioned was definitely the issue.  Upon restart of Apache it
is failing to start, and I see in the logs that I have a problem with my
certificates I am trying to assign to the web client.

[Tue Jan 30 13:25:48.494120 2024] [ssl:emerg] [pid 24560] AH01896: Unable
to determine list of acceptable CA certificates for client authentication

I will go and work on trying to fix this issue now, but at least now it's
trying to load the SSL certificates.

Thank you
Mark.

On Tue, Jan 30, 2024 at 12:58 PM Martin Bartosch via OpenXPKI-users <
openxpki-users@lists.sourceforge.net> wrote:

> Hi Mark,
>
> > root@certca:/var/www/openxpki# openxpkicmd  --realm certca crl_issuance
> > Workflow created (ID: 255), State: SUCCESS
> >
> > But When I get to the portion of Adding the Webclient, once again
> following the instructions, I do not see Apache start listening on port 443.
> >
> > root@certca:~# netstat -an | grep 443
> > root@certca:~#
> >
> > I have created a self signed certificate and put them in the locations
> specified in the document.
> >
> > root@certca:/etc/openxpki/tls# ls -R
> > .:
> > endentity  private
> >
> > ./endentity:
> > openxpki.crt
> >
> > ./private:
> > openxpki.key
> >
> > I am not sure what I am missing, I see the openxpki.conf linked from
> "sites-enabled" to "sites-available" in /etc/apache2 directory.
> >
> > Currently, because Apache is not listening on port 443, every connection
> is understandably refused.
>
> It is quite likely that mod_ssl is not enabled in your Apache.
>
> Try
>
> a2enmod ssl
>
> and restart Apache.
>
> Cheers
>
> Martin
>
>
>
>
> ___
> OpenXPKI-users mailing list
> OpenXPKI-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Re: [OpenXPKI-users] Web Virtual Host not Working

[Martin Bartosch via OpenXPKI-users]

Hi Mark,

> root@certca:/var/www/openxpki# openxpkicmd  --realm certca crl_issuance
> Workflow created (ID: 255), State: SUCCESS
> 
> But When I get to the portion of Adding the Webclient, once again following 
> the instructions, I do not see Apache start listening on port 443.
> 
> root@certca:~# netstat -an | grep 443
> root@certca:~#
> 
> I have created a self signed certificate and put them in the locations 
> specified in the document.
> 
> root@certca:/etc/openxpki/tls# ls -R
> .:
> endentity  private
> 
> ./endentity:
> openxpki.crt
> 
> ./private:
> openxpki.key
> 
> I am not sure what I am missing, I see the openxpki.conf linked from 
> "sites-enabled" to "sites-available" in /etc/apache2 directory.
> 
> Currently, because Apache is not listening on port 443, every connection is 
> understandably refused.

It is quite likely that mod_ssl is not enabled in your Apache.

Try

a2enmod ssl

and restart Apache.

Cheers

Martin




___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

[OpenXPKI-users] Web Virtual Host not Working

[Mark Farrugia]

Hello,

I have been following the Quickstart Guide
 to get
OpenXPKI running on a Debian 12.4 system.

I have downloaded the latest published packages from the repository.

I can see that the Server is working, at least according to the guide.

root@certca:/var/www/openxpki# openxpkicmd  --realm certca crl_issuance
Workflow created (ID: 255), State: SUCCESS

But When I get to the portion of Adding the Webclient
,
once again following the instructions, I do not see Apache start listening
on port 443.

root@certca:~# netstat -an | grep 443
root@certca:~#

I have created a self signed certificate and put them in the locations
specified in the document.

root@certca:/etc/openxpki/tls# ls -R
.:
endentity  private

./endentity:
openxpki.crt

./private:
openxpki.key

I am not sure what I am missing, I see the openxpki.conf linked from
"sites-enabled" to "sites-available" in /etc/apache2 directory.

Currently, because Apache is not listening on port 443, every connection is
understandably refused.

Any and all help or suggestions are welcome.
Thank you
Mark.
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Re: [OpenXPKI-users] Sscep problem

[Oliver Welter]

Hi Ali,

go to the Webui, search for the workflow and read the error message 
there - if there is no workflow, check the scep.log on the console and 
try running sscep with "-v" or "-d" to get some additional output.


Oliver

On 30.01.24 15:48, Ali Danakiran wrote:


Hi

Can anyone tell me why I get the error code.

*/sscep# ./sscep enroll -uhttp://IP-ADDRESS/scep/scep 
\


    -k tmp/scep-test.key -r tmp/scep-test.csr \

    -c tmp/cacert-0 \

    -l tmp/scep-test.crt \

    -t 10 -n 1*

./sscep: Certificate request sent

./sscep: Valid response from the server

./sscep: Response transaction ID:

./sscep: pkistatus: FAILURE

./sscep: Reason: Transaction not allowed or supported


Martin Bartosch via OpenXPKI-users 
 schrieb am Fr. 26. Jan. 2024 um 
16:21:


Hi,

> I'm a bit further along now, I installed sscep via Github Link
but now I get the error message:
> /sscep# ./sscep getca -c tmp/cacert -u http://domainorip/scep/scep
> ./sscep: cannot open cert file for writing

mkdir tmp

and retry.

Cheers

Martin




___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users



___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users


--
Protect your environment -  close windows and adopt a penguin!
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users

Re: [OpenXPKI-users] Sscep problem

[Ali Danakiran]

Hi

Can anyone tell me why I get the error code.



*/sscep# ./sscep enroll -u http://IP-ADDRESS/scep/scep \

-k tmp/scep-test.key -r tmp/scep-test.csr \

-c tmp/cacert-0 \

-l tmp/scep-test.crt \

-t 10 -n 1*



./sscep: Certificate request sent

./sscep: Valid response from the server

./sscep: Response transaction ID:

./sscep: pkistatus: FAILURE

./sscep: Reason: Transaction not allowed or supported

Martin Bartosch via OpenXPKI-users 
schrieb am Fr. 26. Jan. 2024 um 16:21:

> Hi,
>
> > I'm a bit further along now, I installed sscep via Github Link but now I
> get the error message:
> > /sscep# ./sscep getca -c tmp/cacert -u http://domainorip/scep/scep
> > ./sscep: cannot open cert file for writing
>
> mkdir tmp
>
> and retry.
>
> Cheers
>
> Martin
>
>
>
>
> ___
> OpenXPKI-users mailing list
> OpenXPKI-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openxpki-users
>
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users