Hi James,
I am using "peer" instead of "trust" in my pg_hba.conf. You may want to try
this.
Cheers,
Lixin.
On 2024-02-06, 10:21 AM, "James B. Byrne via OpenXPKI-users"
mailto:openxpki-users@lists.sourceforge.net>> wrote:
PostgreSQL-16
FreeBSd-13.2p9
I am trying to setup openxpki using
ibahci crc32c_intel libata megaraid_sas dm_mirror dm_region_hash dm_log
dm_mod
[36664.684758] CR2:
Is this also related to the same bug?
Thanks,
Lixin.
From: Aurelien Degremont
Date: Wednesday, November 29, 2023 at 8:31 AM
To: lustre-discuss , Lixin Liu
Subject: RE: MDS crashes,
Hi,
Recently, we frequently see OSTs are randomly dropped by some client nodes.
We have 4 Lustre filesystems, total 126 OSTs. All clients are running 2.15.3
client on CentOS 7.
Servers are CentOS 7 with Lustre 2.12.8 (3 FS') and 2.15.3 on Alma 8.8.
Failures can happen
from both versions of
successfully, do you think that I did the
configuration correctly?
Thanks
On Thu, Sep 28, 2023 at 7:31 PM Lixin Liu mailto:l...@sfu.ca>>
wrote:
I have successfully used YubiHSM2 (FIPS version). I used the label name for the
signing key:
key: "slot_0-label_"
C
I have successfully used YubiHSM2 (FIPS version). I used the label name for the
signing key:
key: "slot_0-label_"
Cheers,
Lixin.
From: Montajab Saleh
Sent: Thursday, September 28, 2023 2:19 AM
To: openxpki-users@lists.sourceforge.net
Subject: [OpenXPKI-users] OpenXPKI woth YubiHSM2 -
need to change the
"_map_notify_to" expression to point either to the hash of the parsed
subject ([% context.cert_subject_parts.SAN_EMAIL.0 %] should work) or
use the metadata which you have defined earlier via the Templating
plugins (Certificate.attr(...)).
Oliver
On 18.09.23 18:53,
Hi,
Several months ago, I was asking if I can use SAN_EMAIL field as the email
notification
for anonymous EST request submission.
I had other projects to deal with, so did not investigate further. Now I am
back on this
again and I upgraded release to 3.26 (both software and config).
There are
Hi,
I am very close to start open my CA implementation to our subscribers for beta
testing.
One remaining issue is I am unable to setup notification correctly.
From what I see, the option provided in “info” fields are used for email
notifications.
But it is not possible to do for anonymous
Hi Martin,
Thanks! This is very helpful.
Add permission mode appears to work correct for new cert publishing. And,
thanks to your sharp eye,
removing extra "I" in "RA Operator.yaml" file, line 329, does clear the error.
I also noticed errors in stderr.log file:
Use of uninitialized
Hi,
I am hitting another error when publishing a cert (to a local file). I see the
cert file is written
to local directory, but with a 777 permission which I think is wrong.
Here is the error message right after publishing is finished.
2023/02/25 18:19:34 INFO Workflow
nd was never
really supported by the 3.x release - it is left there mainly as a reference
and you are right, the san_email template is missing in the configuration. The
suggested way is to use a matching template in the subject section which looks
like you already did.
Oliver
On 21.02.23 22:02, Lixi
file for writing at
/usr/local/share/perl5/5.32/Connector/Builtin/File/Path.pm line 156,
line 1.
If I touch the CRL file first, I am able to public the new CRL.
Cheers,
Lixin.
From: Lixin Liu
Date: Tuesday, February 21, 2023 at 1:02 PM
To: "openxpki-users@lists.sourceforge.net"
Hi,
Questions about setting up openxpki.
First, I can issue CRL correctly, but I am unable to publish it (to local
directory). Here is the log:
2023/02/21 12:37:37 openxpki.workflow.INFO Workflow
255/crl_issuance/PUBLISH_CRL executed 'global_noop' (autorun) in state
'LOAD_NEXT_CA'
ty much that you are missing the
CGI::Session::OpenXPKI driver module - this sits in the core repo but is
not build/installed by the main Makefile.
Oli
PS: RHEL8 packages are available via our enterprise edition - if this
would be an option, feel free to contact me.
On 17.02.23 23:44, Lixin Liu wr
Hi,
I have built the development VM for OpenXPI and appears to be stable on
Rocky/AlmaLinux 9.
Need to modify Makefile.PL to allow using openssl 3.0. And I use YubiHSM2 for
signing.
This week, I started a production VM but running into an error in UI which I
cannot see why.
On the client web
Hi Scotty,
I am new to OpenXPKI and still learning, so my experience is very limited.
I have not used SCEP, have only tried EST with custom configuration. My changes
are mostly
related to SAN field, but it is likely similar to what you need to do.
I think you need to create a CSR with all
I think I figured out what I missed. I need to create a custom.conf file in
global est directory.
I can now create new request with proper profile option now.
Cheers,
Lixin.
On 2023-02-02, 10:46 AM, "Lixin Liu" mailto:l...@sfu.ca>> wrote:
Turning on DEBUG, I am seeing
=System|sid=Ki4O|wftype=certificate_enroll|wfid=22527]
Any hint how where I should look?
Thanks,
Lixin.
On 2023-02-02, 8:19 AM, "Lixin Liu" mailto:l...@sfu.ca>> wrote:
Hi Oliver,
Thanks for your reply.
I followed your suggestion to create estcustom.yaml file
re control over the "outer" wrapper
configuration, also create an appropriate file est/custom.conf - if this
is not present, it will inherit from default.
HTH
Oliver
On 02.02.23 04:31, Lixin Liu wrote:
> Hi Martin,
>
> Sorry I am new to OpenXPKI product and still trying to
Hi Martin,
Sorry I am new to OpenXPKI product and still trying to learn how to customize
to my need.
I am not sure how to define a new endpoint. Should I create a new ScriptAlias
in Apache
configuration to, say /.well-known/user-est and then create a directory
user-est with its
configuration
Hi,
I have only one CA, but is it possible to configure EST with 2 different
profiles?
I would like to setup one for User certs. and one for TLS server certs.
Thanks,
Lixin.
___
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
ers] Define 2 policy identifiers in certificate profile
Hi Lixin,
the syntax is correct but you can remove the empty "oid:", it is not required
in that case.
Oliver
On 25.01.23 20:08, Lixin Liu wrote:
To answer the question myself, this seems to work:
policy_identifier:
:35 AM, "Lixin Liu" mailto:l...@sfu.ca>> wrote:
Hi,
I am new to OpenXPKI, so this may be a simply question, how do I define 2
policy identifiers in the profile?
I want to do something like:
policy_identifier:
oid: 1.2.3.4.5
critical: 0
cps:
- http://localhos
critical: 0
user_notice:
- My note
I don't think this is correct. What is the correct syntax to use?
Thank you very much.
Lixin Liu
HPC System Architect
Simon Fraser University
___
OpenXPKI-users mailing list
OpenXPKI-users
ssue, but would like to know if
someone here
has any suggestions.
Thanks,
Lixin Liu
Simon Fraser University
___
lustre-discuss mailing list
lustre-discuss@lists.lustre.org
http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
After set changelog_mask and restart robinhood, this problem is cleared.
Lixin.
On 2020-05-29, 11:06 PM, "lustre-discuss on behalf of Lixin Liu"
wrote:
I am getting an error every second in the robinhood log:
2020/05/29 22:10:37 [38025/3] ChangeLog | Error in llapi_chan
These started in early April.
Is there something I can do to determine what is the cause?
Thanks,
Lixin Liu
Simon Fraser University
___
lustre-discuss mailing list
lustre-discuss@lists.lustre.org
http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
Hi Zeeshan,
Thanks for the hint.
OPA works fine, but then I found someone brought up a misconfigured node which
has
the conflict IP address on OPA interface. Fixing it and problem solved.
Lixin.
From: Zeeshan Ali Shah
Date: Saturday, August 11, 2018 at 11:20 PM
To: Lixin Liu
Cc: "l
).
Thanks,
Lixin Liu
High Performance Computing
Simon Fraser University
___
lustre-discuss mailing list
lustre-discuss@lists.lustre.org
http://lists.lustre.org/listinfo.cgi/lustre-discuss-lustre.org
Hi Andreas,
I have seen very similar errors in our 2.10.1 environment. Same errors from
different clients to
different OSS servers and OSTs. Our network is OPA and we are using the latest
driver and
firmware for all HFIs and switches (10.6).
Thanks,
Lixin Liu
Compute Canada
30 matches
Mail list logo