On Tue, March 19, 2024 13:24, Oliver Welter wrote:
> When the certificate is issued, open the "certificate details" popup and
> look under "Actions", you should see a link there to download the key.
>
> On 19.03.24 18:04, James B. Byrne via OpenXPKI-users wrote:
>> How is the private key downloaded when one is created along with a
>> certificate
>> request?
>>
The bottom third of the certificate detail popup is off the display and I did
not notice the scroll bar, given that I was not expecting one. Now I see it.
I seem to have resolved all of the issues I was having relating to the session
and unhandled errors. Some of this was caused by an incomplete configuration
in webui/default.conf as I missed the reference to the database connection.
The session driver is included in the FreeBSD package but it did not work
initially because I had not set the correct database connector for PostgreSQL.
That I fixed. The other issue appears to have been caused by the permissions
and ownership of the various log files.
I am not a perlmonk so I cannot offer a patch. I can recommend that
openxpkictl be enhanced to verify that the various log files can be written to
by the appropriate user ids (openxpki and www in my case.) when starting or
restarting the openxpki daemon. It would also be helpful if the inability to
open, read from, or write to each loggfile was trapped and explicitly reported.
That would have saved a lot of time.
The setup provided in the FreeBSD package does not get the ownership and
permissions correct and the service script that is provided therein totally
trashes it. I ended up with this bash script to set things correctly. If it is
of use then feel free to incorporate it as you see fit.
#!/bin/env bash
PKI="openxpki"
WwW="www"
for D in "/var/log/openxpki"
do
mkdir -p "$D"
chmod 660 "$D"
chown "$PKI:$WWW" "$D"
for F in \
audit.log \
catchall.log \
deprecated.log \
openxpki.log \
stderr.log \
webui.log \
workflows.log
do
touch "$D/$F"
chown "$PKI:$PKI" "$D/$F"
chmod 660 "$D/$F"
done
chgrp "$WWW" "$D"/webui.log
chgrp "$WWW" "$D"/catchall.log
done
#EOF
Thanks for all the help. So far. . . Next up is getting profiles configured.
Regards,
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:[email protected]
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
