I resolved the 'The requested URL has no service assigned.' error. This was
caused by having the realm_mode set to path in webui/default.conf and not
having the hll_ca2016 realm actually mapped. I switched back to the default
'select' mode.
Now that I had a working system, I decided to attempt to load our old certificates.
This I did using the following:
for CF in hllcerts/*.pem
do
  openxpkiadm alias --realm hll_ca2016 --token certsign --file "$CF"
done
They all loaded successfully. However, I suspect that I used the wrong token.
It appears that these were all loaded as CAs and are obviously missing their
private keys. This is evidenced by the following errors in
/var/log/openxpki/stderr.log:
. . .
2024/04/01 14:59:58 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ =>
OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_sign, __ERRVAL__ => Unable
to load key from datapool; __KEY__ => ca-signer-60 [pid=64808|sid=0Hbb]
2024/04/01 14:59:58 ERROR Unable to load key from datapool; __KEY__ =>
ca-signer-59 [pid=64808|sid=0Hbb]
2024/04/01 14:59:58 ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ =>
OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_sign, __ERRVAL__ => Unable
to load key from datapool; __KEY__ => ca-signer-59 [pid=64808|sid=0Hbb]
So, my question is: what token am I supposed to use to load existing end-user
certificates? Or am I not supposed to specify a token at all?
I can delete all these and start over but I need to get clear in my head what
these tokens mean and how they are intended to be used. With respect to OpenXPKI,
what is the relationship of the ca-signer token to the certificates it signed?
What command should I have used?
Thanks,
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:[email protected]
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3