Re: [OpenXPKI-users] Generate and publish a CRL
On Thu, April 4, 2024 14:22, Martin Bartosch wrote: > > Check yo staging. Uh, permissions. > > Martin > > I changed the permissions on /usr/local/www/download to 777. The CRL publishing workflow now completes without error. However, there is no file found in /usr/local/www/download/ after it completes. Nonetheless, a revocation list is available through the webui. I am very confused about this. As /usr/local/www/download/ permissions are critical to success in publishing why are here no contents once crl publishing completes? Regards, -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Unencrypted messages have no legal claim to privacy Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
Re: [OpenXPKI-users] Generate and publish a CRL
James, > There is no /var/www/ directory on FreeBSD as shipped. Instead the html root > is /usr/local/www/. I created /usr/local/www/download/ > > # ll -d /usr/local/www/download > drwxr-xr-x 2 root wheel 2 Apr 4 12:39 /usr/local/www/download > ... > > But still get the same result. > > 2024/04/04 14:05:33 9215 Publication failed for target disk-der, requeuing > 2024/04/04 14:05:33 9215 Publication failed for target disk-pem, requeuing > 2024/04/04 14:05:33 9215 Retry exceeded on action capub_publish_cacert > > What needs to be changed? Check yo staging. Uh, permissions. Martin ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users
[OpenXPKI-users] Generate and publish a CRL
On Wed, April 3, 2024 17:30, Oliver Welter wrote: > the system is not really designed to work with externally provided certificates, it is a PKI that manages the certificate lifecycle. . . Tracking down the CRL problem with democa I found ./config.d/realm/democa/publishing.yaml which contains this: crl: crl@: connector:publishing.connectors.cdp cdp: class: Connector::Builtin::File::Path LOCATION: /var/www/download/ file: "[% ARGS.0.replace('[^\\w-]','_') %].crl" content: "[% der %]" There is no /var/www/ directory on FreeBSD as shipped. Instead the html root is /usr/local/www/. I created /usr/local/www/download/ # ll -d /usr/local/www/download drwxr-xr-x 2 root wheel 2 Apr 4 12:39 /usr/local/www/download and altered publishing.yaml to cdp: class: Connector::Builtin::File::Path LOCATION: /usr/local/www/download/ file: "[% ARGS.0.replace('[^\\w-]','_') %].crl" content: "[% der %]" But still get the same result. 2024/04/04 14:05:33 9215 Publication failed for target disk-der, requeuing 2024/04/04 14:05:33 9215 Publication failed for target disk-pem, requeuing 2024/04/04 14:05:33 9215 Retry exceeded on action capub_publish_cacert What needs to be changed? -- *** e-Mail is NOT a SECURE channel *** Do NOT transmit sensitive data via e-Mail Unencrypted messages have no legal claim to privacy Do NOT open attachments nor follow links sent by e-Mail James B. Byrnemailto:byrn...@harte-lyne.ca Harte & Lyne Limited http://www.harte-lyne.ca 9 Brockley Drive vox: +1 905 561 1241 Hamilton, Ontario fax: +1 905 561 0757 Canada L8E 3C3 ___ OpenXPKI-users mailing list OpenXPKI-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openxpki-users