Hey friends,
I needed sign some CSRs today and ran into a problem out of the blue. All
my attempts to issue a cert result in a paused workflow. I'm hoping y'all
might have some ideas for troubleshooting (and hopefully fixing). It seems
like the system cannot find my ca-signer
In the system status, it is all green and shows the signer cert as online.
Here's the error in my log:
2022/05/09 14:09:53 openxpki.application.ERROR NICE backend error: Could
not find token alias by group; __group__ => ca-signer, __noafter__ =>
1715285393, __notbefore__ => 1652126993,
Here's my crypto.yml
ca-signer:
inherit: default
key_store: DATAPOOL
key: "[% ALIAS %]"
#key: /usr/local/etc/openxpki/ca/dzsec/ca-one-signer-1.pem
secret: dzsecsec
I tried to re-register the signer cert alias:
Certificate already registered as alias:
Alias : ca-signer-1
Identifier: H7_DJuEmAEppVvzsadtfPufca1Y
NotBefore : 2020-11-08 03:52:59
NotAfter : 2023-11-08 03:52:59
ERROR: certificate already exisits in group
Alias: ca-signer-1
Just for good measure, I tried to remove the alias:
openxpkiadm alias --realm dzsec --remove --alias ca-signer-1
And then re-added it successfully. I restarted mysql and OpenXPKI and I
still have the original issue.
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
