Hello,
I run into the following error during trying to (automatically) sign a
CSR for the factory_ca realm
2021/12/09 10:42:36 255 start cert issue for serial 255, workflow 255
2021/12/09 10:42:36 255 NICE backend error: Could not find token alias
by group; __group__ => ca-signer, __noafter__ => 1670578956,
__notbefore__ => 1639042956, __pki_realm__ => factory_ca
Now I found someone with similar error in the mailing archive, which
tells you to check the crypto.yml in your realm to make sure they align.
My config.d/realm/factory_ca/crypto.yaml head:
type:
certsign: ca-signer
datasafe: vault
cmcra: ratoken
scep: scep
token:
...
ca-signer:
inherit: default
key_store: DATAPOOL
key: "[% ALIAS %]"
secret: ca-signer
...
I checked the ca-signer inside openxpki client and it is Online under
name ca-signer-1
Which you can also see in the listing of the realm
ca-signer (certsign):
Alias : ca-signer-1
Identifier: m8UxpPiH9ux60PrL3_c0NDkiRDg
NotBefore : 2021-12-09 09:23:55
NotAfter : 2022-12-09 09:23:55
As far As I found in documentation. You dont need to update the -1 -2
etc on rollover.
What am i missing here?
With kind regards,
Hans de Jong
_______________________________________________
OpenXPKI-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openxpki-users
