Hi

pass:env reads the password from the environment as set via the secret manager from OpenXPKI. Either your Key and Certificate do not match or the password does not unlock the key.

Olier


On 07.05.25 17:38, Axel Biegalski via OpenXPKI-users wrote:

Hi,

I’m currently setting up a PKI on my infra using the OpenXPKI solution and I’m facing an issue that I haven’t managed to solve so far. I set up the PKI based on the demo CA config files and tinkered it to my realm. I generated self-signed certificates (namely rootCA.crt, vault-1.crt, ca-signer-1.crt) using openssl and imported them into my PKI db following the online documentation and using the CLI tool (readthedocs). Once logged in to the web GUI I got a satisfying status for my certificates (datasafe and certsign), which are depicted as ONLINE. Nonetheless, when I tried to issue certificates I got the error below in my catchall log file:

2025/05/07 17:19:53 openxpki.system.ERROR I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => cms -decrypt -inform PEM -inkey /etc/openxpki/local/keys/vault-1.pem -recip /var/tmp/openxpki1616884y1wOp_Dh -in /var/tmp/openxpki1616884mr7I581f -out /var/tmp/openxpki1616884Eohu2ecA -passin env:pwd, __EXIT_STATUS__ => 1024 [pid=1616884|sid=f138|rid=557338c618a0|pki_realm=snowball]

2025/05/07 17:19:53 openxpki.system.ERROR I18N_OPENXPKI_TOOLKIT_COMMAND_FAILED; __COMMAND__ => OpenXPKI::Crypto::Backend::OpenSSL::Command::pkcs7_decrypt, __ERRVAL__ => I18N_OPENXPKI_CRYPTO_CLI_EXECUTE_FAILED; __COMMAND__ => cms -decrypt -inform PEM -inkey /etc/openxpki/local/keys/vault-1.pem -recip /var/tmp/openxpki1616884y1wOp_Dh -in /var/tmp/openxpki1616884mr7I581f -out /var/tmp/openxpki1616884Eohu2ecA -passin env:pwd, __EXIT_STATUS__ => 1024 [pid=1616884|sid=f138|rid=557338c618a0|pki_realm=snowball]

root@pki:~/certifpki#

I can’t understand what the role of the pwd env variable is, insofar as in my crypto.yaml files I used the default password ‘root’ initially. I also tried to set the pwd env variable to ‘root’ manually but always got the error mentioned. I checked that the .pem key I put in the right place is well associated with my crt file vault-1.crt that I imported, which is the case. Hence I don’t understand what I missed.

Perhaps you could please help me out?

Regards,

Axel Biegalski

Cybersecurity Engineer



_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users


--
Protect your environment -  close windows and adopt a penguin!
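
Added example, not part of the original thread or of OpenXPKI: a shell check for the two causes named in the reply (the passphrase does not unlock the key, or key and certificate do not match), followed by a CMS round trip that uses the same -inkey/-recip/-passin env:pwd form as the failing command in the log. The keys, certificates and passphrases are constructed throwaway samples, and the function names (make_sample, diagnose, demo) are hypothetical.

```shell
#!/bin/sh
# Added example. Keys, certificates and passphrases are constructed throwaway
# samples standing in for vault-1.pem / vault-1.crt; function names are hypothetical.

# make_sample DIR NAME PASS: encrypted RSA key DIR/NAME.pem + self-signed DIR/NAME.crt
make_sample() {
    pwd="$3" openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -aes-256-cbc -pass env:pwd -out "$1/$2.pem" 2>/dev/null &&
    pwd="$3" openssl req -new -x509 -key "$1/$2.pem" -passin env:pwd \
        -subj "/CN=$2-constructed-sample" -days 1 -out "$1/$2.crt" 2>/dev/null
}

# diagnose KEY CERT PASS: prints "ok" or the name of the first check that failed.
diagnose() {
    # 1. Does the passphrase unlock the key? (same -passin env:pwd form as the log)
    if ! kpub=$(pwd="$3" openssl pkey -in "$1" -passin env:pwd -pubout 2>/dev/null); then
        echo "passphrase-does-not-unlock-key"; return 1
    fi
    # 2. Is the key's public half the one inside the certificate?
    cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
    if [ -z "$cpub" ] || [ "$kpub" != "$cpub" ]; then
        echo "key-and-certificate-do-not-match"; return 1
    fi
    # 3. CMS round trip: encrypt a probe to the cert, decrypt it with the key.
    t=$(mktemp -d) || return 2
    out=
    if printf 'probe' | openssl cms -encrypt -aes256 -outform PEM \
            -out "$t/probe.p7" "$2" 2>/dev/null; then
        out=$(pwd="$3" openssl cms -decrypt -inform PEM -inkey "$1" -recip "$2" \
            -in "$t/probe.p7" -passin env:pwd 2>/dev/null)
    fi
    rm -rf "$t"
    if [ "$out" = probe ]; then echo "ok"; else echo "cms-decrypt-failed"; return 1; fi
}

demo() {
    d=$(mktemp -d) || return 2
    make_sample "$d" vault 'correct-sample-pass' &&
    make_sample "$d" other 'other-sample-pass' || { rm -rf "$d"; return 2; }
    echo "right passphrase: $(diagnose "$d/vault.pem" "$d/vault.crt" 'correct-sample-pass')"
    echo "wrong passphrase: $(diagnose "$d/vault.pem" "$d/vault.crt" 'wrong-sample-pass')"
    echo "mismatched cert:  $(diagnose "$d/vault.pem" "$d/other.crt" 'correct-sample-pass')"
    rm -rf "$d"
}
demo
```

On a real installation, diagnose would be called with the token key file, the certificate that was imported for it, and the passphrase the realm's secret is configured with.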