Hello,
Yes, I got it right that I should not use the sampleconfig.
The problem is that while the OpenXPKI server is not yet operational
(installation not yet finished), the documentation still misses these 2
critical steps.
You have proposed me to
> Refer to
> https://openxpki.readthedocs.io/en/latest/quickstart.html#create-datavault-token
This section says:
Create DataVault Token
The DataVault is a self-signed certificate using an RSA key, see #2
above.
#2 above:
Create a key/certificate for the internal datavault (ca = false, can be below
the ca but can also be self-signed). [HOW?]
Copy the DataVault key file [FROM WHERE?] to
/etc/openxpki/local/keys/vault-1.pem, it should have 0400 permission owned by
the openxpki user.
Now import the certificate:
$ openxpkiadm certificate import --file vault.crt [the file does not
exist]
---
The problem is that the documentation does not say how to create these 2 files:
vault-1.pem and vault.crt. What commands should be used (examples?)?
At that point, the openxpki server is not yet configured nor started; the
"Create DataVault Token" section says nothing on where to find these files or
HOW to create them. Below I see some other examples on the green background,
but not on how to generate or obtain these 2 files.
What are the commands to create them?
Do you require a payment for this knowledge, please?
I plan to install this platform privately at home, and I am not involved in any
business that could use your software or justify purchasing your Enterprise
Edition.
Thanks,
-----Original Message-----
From: Martin Bartosch <[email protected]>
Sent: Sunday, April 25, 2021 2:10 PM
To: [email protected]
Cc: Dimitri TIMOCHENKO <[email protected]>
Subject: Re: [OpenXPKI-users] Cannot install. Where to obtain DataVault Key and
DataVault certificate?
Dimitry,
Thanks for the constructive criticism and your interest in OpenXPKI.
> In the documentation site production installation doc seems to be incomplete.
> https://openxpki.readthedocs.io/en/latest/
> The so-called “Quickstart” page does not allow installing the server in the
> production mode (without sampleconfig.sh).
As mentioned previously, end users are not supposed to install a production
system using sampleconfig.sh.
If you are considering to do so you are most probably doing something wrong in
your PKI design.
An OpenSource PKI project provides you with the tool to implement an Enterprise
grade PKI. It does not design a PKI for you.
> The Create DataVault Token section misses 2 critical steps:
> 1. Copy the DataVault Key file to /etc/openxpki/local/keys/vault-1.pem
> - Where to obtain this file???
> 2. Import the certificate vault.crt - Where to obtain this file???
Refer to
https://openxpki.readthedocs.io/en/latest/quickstart.html#create-datavault-token
> This absence renders the installation impossible and the whole “product”
> unusable.
> Did somebody find these 2 files?
As clearly documented the administrator is supposed to create these files with
the newly deployed PKI-
> Is there a COMPLETE installation document, please?
We believe that the OpenSource documentation provides an adequate level of
introduction about the core concepts of OpenXPKI, enabling users with a PKI
background to implement the system in their environment.
Customers of our Enterprise Edition have the privilege of getting a thorough
and complete documentation of the entire system. If you are interested in this
version of the product or professional services on designing and implementing
your PKI do not hesitate to contact White Rabbit Security GmbH.
Best regards,
Martin
---
Best regards,
Dimitri
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
