Hello Oliver,
the problem is that the documentation has a lot of errors and is missing
a lot:
I really tried to follow all the steps in README.md
<https://github.com/openxpki/openxpki-config/blob/community/README.md> and
QUICKSTART.md
<https://github.com/openxpki/openxpki-config/blob/community/QUICKSTART.md> to
initially create my realm.
But it is impossible to get it to work:
1.) When creating a key/cert the commands create files vault-1.pem and
vault-1.crt. But already the next step uses file vault.pem and vault.crt
... (OK, not a big problem but not good, when providing a copy button)
2.) After importing the certificate I should check with ```oxi api
get_token_info --realm democa -- alias=ca-signer-13```, but it creates
the following error:
TokenManager failed to create token for ca-signer-13; __ERRVAL__ => No
certificate found for given alias; __alias__ => ca-signer-13
If I try to check the aliases for my domain with ```openxpkiadm alias
--real democa```
I get:
=== functional token ===
svault (datasafe):
  Alias     : svault-1
  Identifier: 5yf1ovqpfe0p7zy8FjUmhh-L96g
  NotBefore : 2025-12-08 08:46:37
  NotAfter  : 2026-12-08 08:46:37
ca-signer (certsign):
  Alias     : ca-signer-1
  Identifier: aebqYQ1WlzrkQNPb6Tgsiq5prNY
  NotBefore : 2025-01-27 17:06:05
  NotAfter  : 2035-01-25 17:06:05
ratoken (cmcra):
  not set
ratoken (scep):
  not set
=== root ca ===
current root ca:
  Alias     : root-1
  Identifier: aebqYQ1WlzrkQNPb6Tgsiq5prNY
  NotBefore : 2025-01-27 17:06:05
  NotAfter  : 2035-01-25 17:06:05
upcoming root ca:
  not set
So there is no alias ca-signer-13
But adjusting this to ca-signer-1 gives the next error:
vault instance id does not match id of encypted data
Sorry, but the documentation might be helpful if you are already an
OpenXPKI professional but not for a starter with > 30 years working as a
sysadmin
in Linux and some experience with PKI and certificates ...
And when I can't find a solution in the docs, which I always check before
asking, I try to ask an AI to maybe find a solution.
Greetings,
Thomas
On 05.12.25 at 19:37, Oliver Welter wrote:
Hi,
as already said - please use docs and not AI generated configs and as
your config snippets do not match the error message it is impossible
to help.
best regards
Oliver
On 12/3/25 10:07, Thomas Gebert wrote:
Hello,
I get the following error while starting the server:
Dec 03 08:56:25 test-keycloak02.testing.edubw.link
openxpkictl[278617]: Exception during server initialization: No type
given for authentication handler BasicAuth (No type given for
authentication handler BasicAuth) at
/usr/share/perl5/OpenXPKI/Server.pm line 801, <DATA> line 1.
But there are types given for the stack and the handler:
stack.yaml:

    _System:
        handler: System
    default:
        handler: BasicAuth
    BasicAuth:
        handler: ExternalAuth
        type: NoAuth
        label: "Keycloak SSO"
        param:
            envkeys:
                username: REMOTE_USER
                email: OIDC_CLAIM_email
                role: OPENXPKI_SSO_ROLE

handler.yaml:

    # Those stacks are usually required so you should not remove them
    Anonymous:
        type: Anonymous
        label: Anonymous
    System:
        type: Anonymous
        role: System
    # Read the userdata from a YAML file defined in auth/connector.yaml
    LocalPassword:
        type: Password
        user@: connector:auth.connector.userdb
    ExternalAuth:
        label: Keycloak SSO (NoAuth)
        class: OpenXPKI::Server::Authentication::NoAuth
        type: NoAuth
So I don't understand the error in the log.
What is wrong here?
Kind regards,
Thomas
--
Heinlein Consulting GmbH
Schwedter Str. 8/9b, 10119 Berlin
https://www.heinlein-support.de
Tel: 030 / 40 50 51 - 0
Fax: 030 / 40 50 51 - 19
Amtsgericht Berlin-Charlottenburg - HRB 220009 B
Managing Director: Peer Heinlein - Registered office: Berlin
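
An added example, not part of the original mails and not OpenXPKI code: a pre-flight check that resolves every handler name referenced in stack.yaml against the entries in handler.yaml, run on the two snippets from the first mail. It assumes that a stack's `handler` value names a top-level key of handler.yaml and that a usable handler carries `type` or `class`; the dictionaries are transcribed by hand (the nesting is an assumption, since the mail lost its indentation) and the function names are hypothetical.

```python
"""Cross-check auth stacks against handler definitions (added example)."""

# Transcribed from the stack.yaml / handler.yaml snippets quoted in the thread.
# Assumption: nesting as reconstructed, the mail lost the original indentation.
STACKS = {
    "_System": {"handler": "System"},
    "default": {"handler": "BasicAuth"},
    "BasicAuth": {"handler": "ExternalAuth", "type": "NoAuth",
                  "label": "Keycloak SSO"},
}
HANDLERS = {
    "Anonymous": {"type": "Anonymous", "label": "Anonymous"},
    "System": {"type": "Anonymous", "role": "System"},
    "LocalPassword": {"type": "Password"},
    "ExternalAuth": {"label": "Keycloak SSO (NoAuth)",
                     "class": "OpenXPKI::Server::Authentication::NoAuth",
                     "type": "NoAuth"},
}


def handler_names(stack):
    """Return the handler names a stack references (scalar or list form)."""
    value = stack.get("handler") or []
    return [value] if isinstance(value, str) else list(value)


def lint_auth(stacks, handlers):
    """Return (stack, handler, problem) tuples for unresolved references."""
    findings = []
    for stack_name, stack in stacks.items():
        if not isinstance(stack, dict):
            findings.append((stack_name, None, "stack is not a mapping"))
            continue
        names = handler_names(stack)
        if not names:
            findings.append((stack_name, None, "stack lists no handler"))
        for name in names:
            node = handlers.get(name)
            if not isinstance(node, dict):
                findings.append((stack_name, name, "handler not defined"))
            elif not (node.get("type") or node.get("class")):
                findings.append((stack_name, name, "handler has no type or class"))
    return findings


if __name__ == "__main__":
    for stack_name, name, problem in lint_auth(STACKS, HANDLERS):
        print(f"stack {stack_name!r}: handler {name!r}: {problem}")
```

For real files, load both documents with a YAML parser and pass the resulting mappings to `lint_auth` before restarting the server.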