Hi list, I'm trying currently to get a working setup of OpenXPKI up and running. System:
Debian buster
OpenXPKI 3.6.1 (via git clone)
I tried with openxpki.git/vagrant/debian/setup-dummy.sh to setup
MariaDB & democa stuff.
Via raop in WebGUI I'm getting:
"Your system status is critical!" -> Watchdog..Not Running!
When changing to "Manage Secrets" I get
"Unknown error (crypto secret plain setsecret missing part)"
via openxpkid.log:
2021/12/17 13:21:46 DEBUG Session resumed [pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG Changing session state from
SESSION_ID_SENT_FROM_CONTINUE to MAIN_LOOP [pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG Executing command get_secrets
[pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG Loading 105 API plugins [pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API - ignore
OpenXPKI::Server::API2::Plugin::Profile::Util: does not have role
OpenXPKI::Server::API2::PluginRole
(/usr/share/perl5/OpenXPKI/Server/API2/Plugin/Profile/Util.pm)
[pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API - ignore
OpenXPKI::Server::API2::Plugin::Workflow::Util: does not have role
OpenXPKI::Server::API2::PluginRole
(/usr/share/perl5/OpenXPKI/Server/API2/Plugin/Workflow/Util.pm)
[pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API - ignore
OpenXPKI::Server::API2::Plugin::Crypto::password_quality::Validate:
does not have role OpenXPKI::Server::API2::PluginRole
(/usr/share/perl5/OpenXPKI/Server/API2/Plugin/Crypto/password_quality/V
alidate.pm) [pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API - ignore
OpenXPKI::Server::API2::Plugin::Crypto::password_quality::CheckEntropyR
ole: does not have role OpenXPKI::Server::API2::PluginRole
(/usr/share/perl5/OpenXPKI/Server/API2/Plugin/Crypto/password_quality/C
heckEntropyRole.pm) [pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API - ignore
OpenXPKI::Server::API2::Plugin::Datapool::Util: does not have role
OpenXPKI::Server::API2::PluginRole
(/usr/share/perl5/OpenXPKI/Server/API2/Plugin/Datapool/Util.pm)
[pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API - ignore
OpenXPKI::Server::API2::Plugin::Api::Util::ModuleFinder: does not have
role OpenXPKI::Server::API2::PluginRole
(/usr/share/perl5/OpenXPKI/Server/API2/Plugin/Api/Util/ModuleFinder.pm)
[pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API - ignore
OpenXPKI::Server::API2::Plugin::Token::Util: does not have role
OpenXPKI::Server::API2::PluginRole
(/usr/share/perl5/OpenXPKI/Server/API2/Plugin/Token/Util.pm)
[pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API - ignore
OpenXPKI::Server::API2::Plugin::Cert::DateCondition: does not have role
OpenXPKI::Server::API2::PluginRole
(/usr/share/perl5/OpenXPKI/Server/API2/Plugin/Cert/DateCondition.pm)
[pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API - ignore
OpenXPKI::Server::API2::Plugin::Api::Util::PodPOMView: does not have
role OpenXPKI::Server::API2::PluginRole
(/usr/share/perl5/OpenXPKI/Server/API2/Plugin/Api/Util/PodPOMView.pm)
[pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API - ignore
OpenXPKI::Server::API2::Plugin::Crypto::password_quality::CheckStandard
Role: does not have role OpenXPKI::Server::API2::PluginRole
(/usr/share/perl5/OpenXPKI/Server/API2/Plugin/Crypto/password_quality/C
heckStandardRole.pm) [pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API - ignore
OpenXPKI::Server::API2::Plugin::Crypto::password_quality::CheckLegacyRo
le: does not have role OpenXPKI::Server::API2::PluginRole
(/usr/share/perl5/OpenXPKI/Server/API2/Plugin/Crypto/password_quality/C
heckLegacyRole.pm) [pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API - ignore
OpenXPKI::Server::API2::Plugin::Crypto::password_quality::TopPasswords:
does not have role OpenXPKI::Server::API2::PluginRole
(/usr/share/perl5/OpenXPKI/Server/API2/Plugin/Crypto/password_quality/T
opPasswords.pm) [pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG API call to 'get_secrets' [pid=8576|sid=hQke]
2021/12/17 13:21:46 ERROR
I18N_OPENXPKI_CRYPTO_SECRET_PLAIN_SETSECRET_MISSING_PART
[pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG Sending error $VAR1 = {
'CLASS' => 'OpenXPKI::Exception',
'LABEL' =>
'I18N_OPENXPKI_CRYPTO_SECRET_PLAIN_SETSECRET_MISSING_PART',
'PARAMS' => {}
};
[pid=8576|sid=hQke]
2021/12/17 13:21:46 DEBUG Changing session state from MAIN_LOOP to NEW
[pid=8576|]
Further on I'm wondering why /etc/openxpki/local/keys/vault-1.pem get's
created, but /etc/openxpki/local/keys/democa/ca-signer-1.pem +
/etc/openxpki/local/keys/democa/scep-1.pem wasn't copied to the dir:
"When provided, the system tries to copy the key data contained in the
given file to the location defined in the token configuration. The
token
configuration is read from the OpenXPKI server process via the socket
using the System stack to authenticate. Therefore this requires that
the
daemon is up and allows access to the I<get_token_info> call for the
default System user (this configuration is currently hardcoded and can
not be changed)."
from /etc/openxpki/config.d/realm/democa/crypto.yaml:
[..]
ca-signer:
inherit: default
key_store: DATAPOOL
key: "[% ALIAS %]"
vault:
inherit: default
key: /etc/openxpki/local/keys/[% ALIAS %].pem
[..]
for vault there is a absolute path, ca-signer is only specified with
alias. Why?
Thanks and best regards,
Stefan
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
