On Wed, March 20, 2024 14:12, James B. Byrne via OpenXPKI-users wrote:
> # openxpkiadm certificate import --realm democa --file newname_rsa.crt
> try/catch is experimental at
> /usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 103.
> try/catch is experimental at
> /usr/local/lib/perl5/site_perl/OpenXPKI/Server/Init.pm line 107.
>
> Starting import
>
> 2024/03/20 12:40:19 OpenSSL error: C = CA, O = Harte & Lyne Limited, OU =
> Networked Data Services, CN = openxpki-3.internal.harte-lyne.ca
> error 20 at 0 depth lookup: unable to get local issuer certificate
>
The error I see is associated with the absence of a root CA certificate.
However, to the best of my ability to see the CA certificate chain is complete
and correct.
# openxpkiadm certificate list --realm democa -v -v
Certificates in democa:
Identifier: IC6oLFDYdHybpJ4xwclmCOgQO9w
Alias:
vault-1
Subject:
CN=DataVault
Issuer DN:
CN=DataVault
Chain:
IC6oLFDYdHybpJ4xwclmCOgQO9w(complete)
Identifier: OfdNydD4PfjsPh06Te0qh8dn_Kw
Alias:
root-1
Subject:
CN=OpenXPKI Root DUMMY CA 1,OU=PKI,O=OpenXPKI,C=DE
Issuer DN:
CN=OpenXPKI Root DUMMY CA 1,OU=PKI,O=OpenXPKI,C=DE
Chain:
OfdNydD4PfjsPh06Te0qh8dn_Kw(complete)
Identifier: ctK9f4qbA2-d8heTMBu1P365Ckc
Alias:
ca-signer-1
Subject:
CN=democa_i.harte-lyne.ca,OU=IT,O=Harte & Lyne Demo,C=CA
Issuer DN:
CN=OpenXPKI Root DUMMY CA 1,OU=PKI,O=OpenXPKI,C=DE
Chain:
ctK9f4qbA2-d8heTMBu1P365Ckc -> OfdNydD4PfjsPh06Te0qh8dn_Kw(complete)
So, why does openxppkiadm certificate import not see it?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:[email protected]
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
