Re: [OpenXPKI-users] Generate and publish a CRL
On Thu, April 4, 2024 14:22, Martin Bartosch wrote: > > Check yo staging. Uh, permissions. > > Martin > > I changed the permissions on /usr/local/www/download to 777. The CRL publishing workflow now completes without error. However, there is no file found in /usr/local/www/download/ after it completes. Nonetheless, a revocation list is available through the webui. I am very confused about this. As /usr/local/www/download/ permissions are critical to success in publishing why are here no contents once crl publishing completes? Regards, -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Unencrypted messages have no legal claim to privacy Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Generate and publish a CRL
James, > There is no /var/www/ directory on FreeBSD as shipped. Instead the html root > is /usr/local/www/. I created /usr/local/www/download/ > > # ll -d /usr/local/www/download > drwxr-xr-x 2 root wheel 2 Apr 4 12:39 /usr/local/www/download > ... > > But still get the same result. > > 2024/04/04 14:05:33 9215 Publication failed for target disk-der, requeuing > 2024/04/04 14:05:33 9215 Publication failed for target disk-pem, requeuing > 2024/04/04 14:05:33 9215 Retry exceeded on action capub_publish_cacert > > What needs to be changed? Check yo staging. Uh, permissions. Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
[OpenXPKI-users] Generate and publish a CRL
On Wed, April 3, 2024 17:30, Oliver Welter wrote:
> the system is not really designed to work with externally provided
certificates, it is a PKI that manages the certificate lifecycle. . .
Tracking down the CRL problem with democa I found
./config.d/realm/democa/publishing.yaml which contains this:
crl:
crl@: connector:publishing.connectors.cdp
cdp:
class: Connector::Builtin::File::Path
LOCATION: /var/www/download/
file: "[% ARGS.0.replace('[^\\w-]','_') %].crl"
content: "[% der %]"
There is no /var/www/ directory on FreeBSD as shipped. Instead the html root
is /usr/local/www/. I created /usr/local/www/download/
# ll -d /usr/local/www/download
drwxr-xr-x 2 root wheel 2 Apr 4 12:39 /usr/local/www/download
and altered publishing.yaml to
cdp:
class: Connector::Builtin::File::Path
LOCATION: /usr/local/www/download/
file: "[% ARGS.0.replace('[^\\w-]','_') %].crl"
content: "[% der %]"
But still get the same result.
2024/04/04 14:05:33 9215 Publication failed for target disk-der, requeuing
2024/04/04 14:05:33 9215 Publication failed for target disk-pem, requeuing
2024/04/04 14:05:33 9215 Retry exceeded on action capub_publish_cacert
What needs to be changed?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrnemailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
