Hi, After setting up a new VM and comparing the two, I figured out the issue was with apache; openxpki site configuration file did not correctly get replaced with a symlink to the new location during *apt install* and caused the aforementioned error. Once fixed, I can finally access the application properly again. However, I am left with one last issue (hopefully): After logging out from a realm or using reset login after selecting a realm, I am not able to go back to realm selection without clearing session cookies. Is this a bug?
best regards, Pekka On Wed, Apr 22, 2026 at 4:44 PM Pekka Länsiaho <[email protected]> wrote: > Hello, > > I ruled out the browser cookie by trying out different browsers and > incognito mode. Results are mostly the same, but there was no SessionCookie > error in webui.log. > After that, I went through the socket settings again, just in case, but > couldn't pinpoint a leftover setting anywhere. Then I walked back the whole > install process and lo-and-behold: Even a demo / sampleconfig fresh install > is no different. I deleted mariadb database, /var/log/openxpki* > -directories and /etc/openxpki -directory, reinstalled debian packages, > rebuilt schemas and ran sampleconfig.sh after the initial setup steps from > debian quickstart section -- And I still get the same result, albeit now I > have nothing indicating an error in logs, since the > earlier /var/log/openxpki/webui.log no longer exists by default. > > I will fire up a fresh debian VM and see if I can replicate the behaviour, > but other ideas are welcome in the meantime. > > Also, let me ask just in case: Did you provide tools for easier upgrade to > 3.32 in enterprise environments? If the experience is better there, I might > have something to discuss with our mr. moneybags :) > > best regards, > Pekka > > > On Mon, Apr 20, 2026 at 7:30 PM Oliver Welter <[email protected]> wrote: > >> Hi Pekka, >> >> did you try to clear your browser cookies? This sounds a bit like you >> have changed the settings for the session management and now the system >> tries to decode/decrypt stuff from an older session/setting. >> >> Oliver >> On 4/17/26 11:27, Pekka Länsiaho wrote: >> >> Hello again, >> >> We have been a bit slow with the system updates, and since v3.32 was a >> breaking change we had to put off updates entirely for a while, so I am >> trying to remediate that now. >> I have managed to upgrade configuration following instructions in the >> change log >> https://openxpki.readthedocs.io/en/master/upgrading.html#release-v3-32, >> and got both server and client services running after upgrade to v3.32.15 >> and using community config v3.32.8. (Old system version was v3.30.9, not >> quite sure which config version, but I believe the community branch commit >> was 17b96e5) >> System is running Debian 12.13. >> >> *openxpkictl status server* and *client* both report running and >> accepting requests, and both clients and serviced logs have no indication >> of errors. >> >> However, when accessing webui at >> https://openxpki/webui/index/#/openxpki/welcome, application error >> appears: "*The webserver did not return the expected data. Possible >> causes: OpenXPKI client is not running; authentication session has expired; >> an internal error. HTTP code: 503*". >> >> And upon inspecting /var/log/openxpki/webui.log, I am met with these >> lines: >> *ERR Unable to decrypt cookie (AES: Data size must be multiple of >> blocksize (16 bytes) at /usr/share/perl5/Crypt/CBC.pm line 492.) at >> /usr/share/perl5/OpenXPKI/Client/Service/WebUI/SessionCookie.pm line 214.* >> *ERR Error creating backend client: Unable to connect to socket >> [sid=....]* >> *ERR Backend service is not reachable or not responding [sid=....]* >> >> I tried to look at the newly provided 'sampleconfig.sh' file to see if >> there was a step I might have missed compared to a fresh system install, >> but couldn't immediately point to any particular step, unfortunately. >> >> Help would be much appreciated, my eyes grow tired of comparing things. >> >> >> best regards, >> Pekka >> >> >> _______________________________________________ >> OpenXPKI-users mailing >> [email protected]https://lists.sourceforge.net/lists/listinfo/openxpki-users >> >> -- >> Protect your environment - close windows and adopt a penguin! >> >> _______________________________________________ >> OpenXPKI-users mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/openxpki-users >> >
_______________________________________________ OpenXPKI-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openxpki-users
