Hello Stefan, Am 20.12.21 um 08:04 schrieb Stefan Weigel: > Debian buster > OpenXPKI 3.6.1 (via git clone) I hope this is a typo and you are on 3.16.1... > I tried with openxpki.git/vagrant/debian/setup-dummy.sh to setup > MariaDB & democa stuff. > > Via raop in WebGUI I'm getting: > "Your system status is critical!" -> Watchdog..Not Running! I saw this recently with systemd also, I guess that is a false alarm - check with "ps" if there is a watchdog process. > When changing to "Manage Secrets" I get > "Unknown error (crypto secret plain setsecret missing part)"
This basically means you broke the secret/crypto config - check the "secret" sections in your realm and system crypto.yaml > Further on I'm wondering why /etc/openxpki/local/keys/vault-1.pem get's > created, but /etc/openxpki/local/keys/democa/ca-signer-1.pem + > /etc/openxpki/local/keys/democa/scep-1.pem wasn't copied to the dir: > from /etc/openxpki/config.d/realm/democa/crypto.yaml: > [..] > ca-signer: > inherit: default > key_store: DATAPOOL > key: "[% ALIAS %]" > > vault: > inherit: default > key: /etc/openxpki/local/keys/[% ALIAS %].pem > [..] > > for vault there is a absolute path, ca-signer is only specified with > alias. Why? With "key_store: DATAPOOL" you tell the system to store the key in the internal database, as the vault is used to encrypt the datapool you can not store the vault itself in the datapool so it remains as a file on disk. Oliver -- Protect your environment - close windows and adopt a penguin! _______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
