Menu
▾
▴
Re: [OpenXPKI-users] Issue importing certificates on fresh install
|
From: Oliver W. <ma...@ol...> - 2025-10-20 07:07:34
|
Hi Kristoffer, so the problem was missing read permission? Looks like we need to imrpove the error handling a bit ;) Oliver On 10/20/25 08:35, Kristoffer Nilsson wrote: > Hi Oliver, > > Thanks for the pointer, it was however a far simpler issue: I was > being a silly goose. I'd assigned read permissions to the wrong group, > openxpki instead of openxpkiclient which I'd added my user to. > ------------------------------------------------------------------------ > *Från:* Oliver Welter <ma...@ol...> > *Skickat:* den 17 oktober 2025 16:48 > *Till:* ope...@li... > <ope...@li...> > *Ämne:* Re: [OpenXPKI-users] Issue importing certificates on fresh > install > > Hello Christopher, > > > well then filename is indeed not matching the creation command, but > other that that it works here without any issues: > > > oxi certificate add --cert vault-1.crt > > --- > authority_key_identifier: > 24:AA:A9:CD:93:26:B3:C7:0E:81:BA:91:E1:94:85:DB:E9:A6:E4:03 > cert_key: '144190056262678494722881524214083757204349808996' > identifier: 2tXmBAP2H1WohVH1VGUfcGK54lE > issuer_dn: CN=DataVault > issuer_identifier: 2tXmBAP2H1WohVH1VGUfcGK54lE > notafter: 1792248381 > notbefore: 1760712381 > status: ISSUED > subject: CN=DataVault > subject_key_identifier: > 24:AA:A9:CD:93:26:B3:C7:0E:81:BA:91:E1:94:85:DB:E9:A6:E4:03 > > > The certificate file should contain a PEM encoded certificate, can you > check this please? > > > Oli > > > On 10/16/25 09:22, Kristoffer Nilsson wrote: >> I'm setting up an OpenXPKI instance on a freshly installed Debian >> Bookworm installation but I'm running into an issue when creating and >> attempting to import the datavault token. >> >> I've followed the instructions in the quickstart to create the >> datavault token key for the assymetric vault but I am unable to add >> the certificate using the supplied command. No matter what way I type >> out the certificate path I get the error "The value for parameter >> *cert* does not match the expected type/pattern." >> >> Running the oxi command with the verbose flags did not offer me much >> assistance in figuring out what I did wrong. I've also made sure that >> the overall configuration is OK by running the "openxpkiadm >> lintconfig" command. There is also nothing written to the >> openxpki-server or openxpki-client logs when the "oxi certificate >> add" command is executed. >> >> Commands used: >> >> $ mkdir -p -m755 /etc/openxpki/local/keys >> $ cd /etc/openxpki/local/keys >> $ openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:3072 >> -aes-256-cbc \ >> -out vault-1.pem >> $ openssl req -config /etc/openxpki/contrib/vault.openssl.cnf -x509 >> -days 365 \ >> -key vault-1.pem -out vault-1.crt >> $ oxi certificate add --cert vault.crt >> >> also tried with: >> >> $ oxi certificate add --cert vault-1.crt >> >> Any idea where I'm going wrong or what may cause this particular >> error message? >> >> >> _______________________________________________ >> OpenXPKI-users mailing list >> Ope...@li... <mailto:Ope...@li...> >> https://lists.sourceforge.net/lists/listinfo/openxpki-users <https://lists.sourceforge.net/lists/listinfo/openxpki-users> > -- > Protect your environment - close windows and adopt a penguin! > > > _______________________________________________ > OpenXPKI-users mailing list > Ope...@li... > https://lists.sourceforge.net/lists/listinfo/openxpki-users -- Protect your environment - close windows and adopt a penguin! |
