Hi Oliver, Am Montag, dem 20.12.2021 um 11:09 +0100 schrieb Oliver Welter: > Hello Stefan, > > Am 20.12.21 um 08:04 schrieb Stefan Weigel: > > Debian buster > > OpenXPKI 3.6.1 (via git clone) > I hope this is a typo and you are on 3.16.1...
You're right, it is 3.16.0 > > I tried with openxpki.git/vagrant/debian/setup-dummy.sh to setup > > MariaDB & democa stuff. > > > > Via raop in WebGUI I'm getting: > > "Your system status is critical!" -> Watchdog..Not Running! > I saw this recently with systemd also, I guess that is a false alarm > - > check with "ps" if there is a watchdog process. ps tells me it's running. > > When changing to "Manage Secrets" I get > > "Unknown error (crypto secret plain setsecret missing part)" > > This basically means you broke the secret/crypto config - check the > "secret" sections in your realm and system crypto.yaml I used the democa (https://github.com/openxpki/openxpki-config) without changes to the mentioned file. > > > > Further on I'm wondering why /etc/openxpki/local/keys/vault-1.pem > > get's > > created, but /etc/openxpki/local/keys/democa/ca-signer-1.pem + > > /etc/openxpki/local/keys/democa/scep-1.pem wasn't copied to the > > dir: > > from /etc/openxpki/config.d/realm/democa/crypto.yaml: > > [..] > > ca-signer: > > inherit: default > > key_store: DATAPOOL > > key: "[% ALIAS %]" > > > > vault: > > inherit: default > > key: /etc/openxpki/local/keys/[% ALIAS %].pem > > [..] > > > > for vault there is a absolute path, ca-signer is only specified > > with > > alias. Why? > > With "key_store: DATAPOOL" you tell the system to store the key in > the > internal database, as the vault is used to encrypt the datapool you > can > not store the vault itself in the datapool so it remains as a file on > disk. > I can find the certificates in the sql dump (BEGIN CERTIFICATE) but I can't find any string with 'BEGIN ENCRYPTED PRIVATE KEY'. Where is the private key located? > Oliver > > Thanks and best regards, Stefan > >
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
