[OpenXPKI-users] System Requirements
Dear I wanted to ask a question, what are the minimum system requirements for installing OpenXpki?, because I did not find the system requirements documented on the website. thank you so much ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Generate and publish a CRL
On Thu, April 4, 2024 14:22, Martin Bartosch wrote: > > Check yo staging. Uh, permissions. > > Martin > > I changed the permissions on /usr/local/www/download to 777. The CRL publishing workflow now completes without error. However, there is no file found in /usr/local/www/download/ after it completes. Nonetheless, a revocation list is available through the webui. I am very confused about this. As /usr/local/www/download/ permissions are critical to success in publishing why are here no contents once crl publishing completes? Regards, -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Unencrypted messages have no legal claim to privacy Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Unable to delete certificate
On Thu, April 4, 2024 12:45, Oliver Welter wrote: > Hi James, > > something with your session setup seems to be fundamentally broken, I > have no idea why this is the case. > > Have a look at system/server.yaml and try to switch to the "file" > session handler. > I made this change to config.d/system/server.yaml: session: # type: Database # lifetime: 1200 # introduced in v2.2: (previous default was hard coded "session") # table: backend_session # if you want to keep the session in the filesystem, switch to type: File directory: /var/openxpki/session This change prevents openxpki from starting: openxpkictl start Starting OpenXPKI Community Edition v3.24.2 OpenXPKI server is not running or does not accept requests. Status check failed Regards -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Unencrypted messages have no legal claim to privacy Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Generate and publish a CRL
James, > There is no /var/www/ directory on FreeBSD as shipped. Instead the html root > is /usr/local/www/. I created /usr/local/www/download/ > > # ll -d /usr/local/www/download > drwxr-xr-x 2 root wheel 2 Apr 4 12:39 /usr/local/www/download > ... > > But still get the same result. > > 2024/04/04 14:05:33 9215 Publication failed for target disk-der, requeuing > 2024/04/04 14:05:33 9215 Publication failed for target disk-pem, requeuing > 2024/04/04 14:05:33 9215 Retry exceeded on action capub_publish_cacert > > What needs to be changed? Check yo staging. Uh, permissions. Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
[OpenXPKI-users] Generate and publish a CRL
On Wed, April 3, 2024 17:30, Oliver Welter wrote:
> the system is not really designed to work with externally provided
certificates, it is a PKI that manages the certificate lifecycle. . .
Tracking down the CRL problem with democa I found
./config.d/realm/democa/publishing.yaml which contains this:
crl:
crl@: connector:publishing.connectors.cdp
cdp:
class: Connector::Builtin::File::Path
LOCATION: /var/www/download/
file: "[% ARGS.0.replace('[^\\w-]','_') %].crl"
content: "[% der %]"
There is no /var/www/ directory on FreeBSD as shipped. Instead the html root
is /usr/local/www/. I created /usr/local/www/download/
# ll -d /usr/local/www/download
drwxr-xr-x 2 root wheel 2 Apr 4 12:39 /usr/local/www/download
and altered publishing.yaml to
cdp:
class: Connector::Builtin::File::Path
LOCATION: /usr/local/www/download/
file: "[% ARGS.0.replace('[^\\w-]','_') %].crl"
content: "[% der %]"
But still get the same result.
2024/04/04 14:05:33 9215 Publication failed for target disk-der, requeuing
2024/04/04 14:05:33 9215 Publication failed for target disk-pem, requeuing
2024/04/04 14:05:33 9215 Retry exceeded on action capub_publish_cacert
What needs to be changed?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Unable to delete certificate
Hi James, something with your session setup seems to be fundamentally broken, I have no idea why this is the case. Have a look at system/server.yaml and try to switch to the "file" session handler. Oli On 04.04.24 18:11, James B. Byrne via OpenXPKI-users wrote: On Wed, April 3, 2024 17:30, Oliver Welter wrote: the system is not really designed to work with externally provided certificates, it is a PKI that manages the certificate lifecycleif I have returned to the democa realm to experiment with how profiles work. I have encountered a problem with publishing CRLs. I previously issued a key and certificate from this realm. It is listed in the my certificates page and can be searched. I ran a CRL creation workflow which completed without error. However, when I tried to publish the crl I get this error: I18N_OPENXPKI_SERVER_CONTEXT_CTX_OBJECT_NOT_DEFINED OBJECT: session Does this indicate a configuration error or is it saying that there are no revoked certificates so there is nothing to publish? Thanks, -- Protect your environment - close windows and adopt a penguin! ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Unable to delete certificate
On Wed, April 3, 2024 17:30, Oliver Welter wrote: > the system is not really designed to work with externally provided > certificates, it is a PKI that manages the certificate lifecycleif I have returned to the democa realm to experiment with how profiles work. I have encountered a problem with publishing CRLs. I previously issued a key and certificate from this realm. It is listed in the my certificates page and can be searched. I ran a CRL creation workflow which completed without error. However, when I tried to publish the crl I get this error: I18N_OPENXPKI_SERVER_CONTEXT_CTX_OBJECT_NOT_DEFINED OBJECT: session Does this indicate a configuration error or is it saying that there are no revoked certificates so there is nothing to publish? Thanks, -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Unencrypted messages have no legal claim to privacy Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
