Hi Oliver, Thanks for the pointer, it was however a far simpler issue: I was being a silly goose. I'd assigned read permissions to the wrong group, openxpki instead of openxpkiclient which I'd added my user to. ________________________________ Från: Oliver Welter <[email protected]> Skickat: den 17 oktober 2025 16:48 Till: [email protected] <[email protected]> Ämne: Re: [OpenXPKI-users] Issue importing certificates on fresh install
Hello Christopher, well then filename is indeed not matching the creation command, but other that that it works here without any issues: oxi certificate add --cert vault-1.crt --- authority_key_identifier: 24:AA:A9:CD:93:26:B3:C7:0E:81:BA:91:E1:94:85:DB:E9:A6:E4:03 cert_key: '144190056262678494722881524214083757204349808996' identifier: 2tXmBAP2H1WohVH1VGUfcGK54lE issuer_dn: CN=DataVault issuer_identifier: 2tXmBAP2H1WohVH1VGUfcGK54lE notafter: 1792248381 notbefore: 1760712381 status: ISSUED subject: CN=DataVault subject_key_identifier: 24:AA:A9:CD:93:26:B3:C7:0E:81:BA:91:E1:94:85:DB:E9:A6:E4:03 The certificate file should contain a PEM encoded certificate, can you check this please? Oli On 10/16/25 09:22, Kristoffer Nilsson wrote: I'm setting up an OpenXPKI instance on a freshly installed Debian Bookworm installation but I'm running into an issue when creating and attempting to import the datavault token. I've followed the instructions in the quickstart to create the datavault token key for the assymetric vault but I am unable to add the certificate using the supplied command. No matter what way I type out the certificate path I get the error "The value for parameter *cert* does not match the expected type/pattern." Running the oxi command with the verbose flags did not offer me much assistance in figuring out what I did wrong. I've also made sure that the overall configuration is OK by running the "openxpkiadm lintconfig" command. There is also nothing written to the openxpki-server or openxpki-client logs when the "oxi certificate add" command is executed. Commands used: $ mkdir -p -m755 /etc/openxpki/local/keys $ cd /etc/openxpki/local/keys $ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 -aes-256-cbc \ -out vault-1.pem $ openssl req -config /etc/openxpki/contrib/vault.openssl.cnf -x509 -days 365 \ -key vault-1.pem -out vault-1.crt $ oxi certificate add --cert vault.crt also tried with: $ oxi certificate add --cert vault-1.crt Any idea where I'm going wrong or what may cause this particular error message? _______________________________________________ OpenXPKI-users mailing list [email protected]<mailto:[email protected]> https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin!
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
