Hi Dmitry, On Mon, Jan 19, 2009 at 01:42:26PM +0500, Dmitry Golomolzin wrote: > You wrote: "The error typically means that you do not have a CA installed > that can satisfy the requested notafter date - did you install a CA > certificate yet? If so, does it run out before August 2009?" > > We used "openxpkiadm key generate --realm CYBORG --group default" command in > order to generate CA certificate (it's valid during 365 days from the > generation date, in other words, until Jan 2010) and got the following > warning:
openxpkiadm key generate just generates a CA _key_, not a CA certificate. Please see http://wiki.openxpki.org/index.php/Manual/Quickstart/Installation#Setting_up_the_CA_certificate_and_key for more information on what needs to be done to get a working CA setup. I'd suggest trying it out on the web interface first before doing it via OpenXPKI::Client. > EVAL_ERROR: I18N_OPENXPKI_XML_CACHE_GET_XPATH_COUNT_NOTHING_FOUND; __XPATH__ > => pki_realm/0/common/0/secret/0/group/0/method/0/required_shares Hmmm, that looks like an error to me rather than a warning. What's in the <secret> section of your config.xml? Was the key created successfully? > Does it mean that CA certificate's expiration date should match the > "notbefore" and "notafter" dates interval? Could you explain where we can > change these values ("notbefore" and "notafter")? The end entities notbefore and notafter dates must be within the range of one available CA certificate. You can change the length of the validity period in profile.xml, but that won't help you as long as you don't have a valid CA certificate ... Cheers, Alex -- Dipl.-Math. Alexander Klink | IT-Security Engineer [email protected] | working @ urn:oid:1.3.6.1.4.1.11417 ------------------------------------------------------------------------------ This SF.net email is sponsored by: SourcForge Community SourceForge wants to tell your story. http://p.sf.net/sfu/sf-spreadtheword _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
