Hi, did you change the passwords in the sample script? If the answer is yes, you need to change the password also in system/crypto.yaml.
Oliver Am 12.02.21 um 15:30 schrieb Alejandro Imass: > More information, in case anyone cares to pitch in, or for future > people having the same problem: > > The key that was left in /etc/openxpki/ca/vault-1.pem (not sure who or > what generated this file) does not match any key generated by > the sampleconfig.sh script: > > root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in > ../vault-1.pem -noout -modulus | openssl sha1 > (stdin)= *488672da98c4e16de8b5a7d6b83180ddfe1893ce* > root@04908b0d71e6:/etc/openxpki/ca/democa# ls *.key > OpenXPKI_DataVault.keyOpenXPKI_Issuing_CA.key OpenXPKI_Root_CA.key > OpenXPKI_SCEP_RA.key OpenXPKI_WebUI.key > root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in > OpenXPKI_DataVault.key -noout -modulus | openssl sha1 > Enter pass phrase for OpenXPKI_DataVault.key: > (stdin)= *189adabc716b033098f487e17139484baf52d532* > root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in > OpenXPKI_Issuing_CA.key -noout -modulus | openssl sha1 > Enter pass phrase for OpenXPKI_Issuing_CA.key: > (stdin)= *f095fe95f3b344b33d4f3c6222eb2c9df9ab0f0d* > root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in > OpenXPKI_Root_CA.key -noout -modulus | openssl sha1 > Enter pass phrase for OpenXPKI_Root_CA.key: > (stdin)= *b40858d0e29a15fdb43942b1231143e7224660f7* > root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in > OpenXPKI_SCEP_RA.key -noout -modulus | openssl sha1 > Enter pass phrase for OpenXPKI_SCEP_RA.key: > (stdin)= *2a25200f762ba7cb3a92784a49b03f4fc257360e* > root@04908b0d71e6:/etc/openxpki/ca/democa# openssl rsa -in > OpenXPKI_WebUI.key -noout -modulus | openssl sha1 > Enter pass phrase for OpenXPKI_WebUI.key: > (stdin)= *332693338aa237c2337489eaf12c08a90cc4a235* > > > On Thu, Feb 11, 2021 at 7:26 PM Alejandro Imass <[email protected] > <mailto:[email protected]>> wrote: > > Hi there, > > I'm guessing this has been asked a million times and I searched > the archives to no avail. I've looked at all the permissions and > everything seems fine, and the key never becomes usable. I've > RTFMd but I followed everything on the manual. > > This test install was done with Docker. Everything setup fine. > Then I ran sampleconfig.sh and all the certificates were created > and loaded as expected. > > One thing I did notice. /etc/openxpki/local/keys/vault-1.pem did > not exist, but the pem was n fact in the ca directory, so I > created the /etc/openxpki/local/keys path all 0600 and copied the > key from the ca directory to there with 0440. I also tried 0400. > Nothing seems to work, but everything looks good. Any ideas? Any > other info I can provide for your kind help? > > Thanks! > Alex > > openxpkicli version > { > "config" : { > "api" : "3.6", > "commit" : null, > "config" : "3.6" > }, > "server" : { > "api" : 2, > "version" : "3.8.1" > } > } > > > openxpkicli get_token_info --arg alias=vault-1 > { > "key_name" : "/etc/openxpki/local/keys/vault-1.pem", > "key_secret" : 1, > "key_store" : "OPENXPKI", > "key_usable" : 0 > } > > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
