On Wed, April 3, 2024 17:30, Oliver Welter wrote:
> the system is not really designed to work with externally provided
certificates, it is a PKI that manages the certificate lifecycle. . .
Tracking down the CRL problem with democa I found
./config.d/realm/democa/publishing.yaml which contains this:
crl:
crl@: connector:publishing.connectors.cdp
cdp:
class: Connector::Builtin::File::Path
LOCATION: /var/www/download/
file: "[% ARGS.0.replace('[^\\w-]','_') %].crl"
content: "[% der %]"
There is no /var/www/ directory on FreeBSD as shipped. Instead the html root
is /usr/local/www/. I created /usr/local/www/download/
# ll -d /usr/local/www/download
drwxr-xr-x 2 root wheel 2 Apr 4 12:39 /usr/local/www/download
and altered publishing.yaml to
cdp:
class: Connector::Builtin::File::Path
LOCATION: /usr/local/www/download/
file: "[% ARGS.0.replace('[^\\w-]','_') %].crl"
content: "[% der %]"
But still get the same result.
2024/04/04 14:05:33 9215 Publication failed for target disk-der, requeuing
2024/04/04 14:05:33 9215 Publication failed for target disk-pem, requeuing
2024/04/04 14:05:33 9215 Retry exceeded on action capub_publish_cacert
What needs to be changed?
--
*** e-Mail is NOT a SECURE channel ***
Do NOT transmit sensitive data via e-Mail
Unencrypted messages have no legal claim to privacy
Do NOT open attachments nor follow links sent by e-Mail
James B. Byrne mailto:byrn...@harte-lyne.ca
Harte & Lyne Limited http://www.harte-lyne.ca
9 Brockley Drive vox: +1 905 561 1241
Hamilton, Ontario fax: +1 905 561 0757
Canada L8E 3C3
_______________________________________________
OpenXPKI-users mailing list
OpenXPKI-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openxpki-users
