Hello Hans, please check with "openxpkicli get_token_info --arg alias=ca-signer-1" if the key is properly found (key_usable = 1).
If this is the case, check if the password in the realms crypto.yaml matches the password that was used when generating the key. Oliver | | Am 25.11.21 um 08:57 schrieb Hans de Jong: > Hello, > > I have been trying to set up my own realm and certificates with > openxpki, however I keep running in the issue that my Signing CA wont > come online. > > It does load it just fine, and the realm alias info lists it all. But > it stays offline. > The vault however does work. > > What I do: https://gist.github.com/Sult/8e67307bfdfbc66ed07d1d1891bbf94c > I did find in the documentation that the filename is important (With > default config) > https://openxpki.readthedocs.io/en/stable/operation/tokenconfig.html#initial-setup > > > The <realm>/ca says you would need to have keys in local/keys/<realm> > however the sample config doesnt follow this convention. I have also > tried by putting the keys there, but with the same result. Signing CA > wont come online > > With kind regards, > Hans de Jong > > > PS: I dont know if this is useful but when i have everything loaded, > I get this output when showing the realm alias info. > root@6cc6f2267e07:/etc/openxpki/tmp# openxpkiadm alias --realm > provisioningca > === functional token === > scep (scep): > Alias : scep-1 > Identifier: datk1dTh9DV2mUbP-YbctJn0Acw > NotBefore : 2021-11-23 10:41:01 > NotAfter : 2022-11-23 10:41:01 > > vault (datasafe): > Alias : vault-1 > Identifier: f56oyzMYYgI1tFl4YVCEQTQVDVI > NotBefore : 2021-11-24 13:25:59 > NotAfter : 2024-11-28 13:25:59 > > ca-signer (certsign): > Alias : ca-signer-1 > Identifier: a2YR8-rwPDRFHJZrMvkWM_YL-cA > NotBefore : 2021-11-23 10:40:54 > NotAfter : 2022-11-23 10:40:54 > > ratoken (cmcra): > not set > > === root ca === > current root ca: > Alias : root-1 > Identifier: 0wwvnOUX2DNSYdjT0MNhPpfkyJg > NotBefore : 2021-11-23 10:40:49 > NotAfter : 2031-11-21 10:40:49 > > upcoming root ca: > not set > > > > > _______________________________________________ > OpenXPKI-users mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
