Date: Fri, 01 Oct 2021 04:51:06 +0000
From: bugzilla-noreply@freebsd.org
To: ports-bugs@FreeBSD.org
Subject: [Bug 258827] security/step-certificates: step-ca fails to start in the init process included SSH certs
Message-ID: <bug-258827-7788@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=258827

    Bug ID: 258827
    Summary: security/step-certificates: step-ca fails to start in the init process included SSH certs
    Product: Ports & Packages
    Version: Latest
    Hardware: Any
    OS: Any
    Status: New
    Severity: Affects Only Me
    Priority: ---
    Component: Individual Port(s)
    Assignee: ports-bugs@FreeBSD.org
    Reporter: vendion@gmail.com
    CC: mw@wipp.bayern
    Flags: maintainer-feedback?(mw@wipp.bayern)

After installing security/step-certificates 0.17.2, I noticed that the default step-ca rc script didn't include the "--ssh" flag to also have it generate SSH certificate authority files as well.

After editing /usr/local/etc/rc.d/step-ca and adding "--ssh" to the "/usr/local/bin/step ca init" line, and running service step-ca start I am able to get through the init process and it successfully generates the files under /usr/local/etc/step with a couple of issues.

> Generating root certificate... done!
> Generating intermediate certificate... done!
> Generating user and host SSH certificate signing keys... done!
>
> ✔ Root certificate: /usr/local/etc/step/ca/certs/root_ca.crt
> ✔ Root private key: /usr/local/etc/step/ca/secrets/root_ca_key
> ✔ Root fingerprint: 0e2c650bc2dec4e62d47bdf7dac269a2b046d97c98844fea62bc969bacc36057
> ✔ Intermediate certificate: /usr/local/etc/step/ca/certs/intermediate_ca.crt
> ✔ Intermediate private key: /usr/local/etc/step/ca/secrets/intermediate_ca_key
> ✔ SSH user public key: /usr/local/etc/step/ca/certs/ssh_user_ca_key.pub
> ✔ SSH user private key: /usr/local/etc/step/ca/secrets/ssh_user_ca_key
> ✔ SSH host public key: /usr/local/etc/step/ca/certs/ssh_host_ca_key.pub
> ✔ SSH host private key: /usr/local/etc/step/ca/secrets/ssh_host_ca_key
> ✔ Database folder: /usr/local/etc/step/ca/db
> ✔ Templates folder: /usr/local/etc/step/ca/templates
> ✔ Default configuration: /usr/local/etc/step/ca/config/defaults.json
> ✔ Certificate Authority configuration: /usr/local/etc/step/ca/config/ca.json
>
> Your PKI is ready to go. To generate certificates for individual services see
> 'step help ca'.
>
> FEEDBACK 😍 🍻
> The step utility is not instrumented for usage statistics. It does not phone
> home. But your feedback is extremely valuable. Any information you can provide
> regarding how you’re using `step` helps. Please send us a sentence or two,
> good or bad at feedback@smallstep.com or join GitHub Discussions
> https://github.com/smallstep/certificates/discussions and our Discord
> https://u.step.sm/discord.
> Step CA Password file for auto-start not found
> Creating it....
> Please enter the Step CA Password:
>
> Starting step_ca.
> step_ca is not running.

Issue #1)
> Oct 1 00:38:28 ops step_ca[7822]: error opening /usr/local/etc/step/ca/config/ca.json: open /usr/local/etc/step/ca/config/ca.json: permission denied

This is caused by the permissions to /usr/local/etc/step being wrong

> drwx------ 3 root wheel 4B Oct 1 00:38 step

Fix: chmod go+rx /usr/local/etc/step

Issue #2)
> Oct 1 00:39:17 ops step_ca[7846]: error reading templates/ssh/include.tpl: stat /.step/templates/ssh/include.tpl: no such file or directory

Not sure why it is not using the template directory of /usr/local/etc/step/ca/templates

Fix: ?

-- 
You are receiving this mail because:
You are the assignee for the bug.
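
Added example (not part of the original report, the port, or step-ca): a POSIX sh check for Issue #1 that finds the first directory between the step tree and ca.json that others cannot traverse, and lists any file under the secrets directory that others can read once the tree has been opened up. It assumes the step_ca daemon is neither owner nor group member of these directories, so the "other" mode bits decide access; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a step-ca tree from the mode strings printed by `ls -ld`.
# Assumption: the daemon is neither owner nor in the group of the directories,
# so only the "other" permission bits matter (as in the listing in the report).

# Print the "other" permission triplet of a path, e.g. "r-x" or "---".
other_bits() {
    ls -ld -- "$1" | cut -c8-10
}

# Walk from TOP down to the directory holding FILE and print the first
# directory that others cannot traverse. Prints nothing when all are open.
first_blocked_dir() {
    top=${1%/}
    rest=${2#"$top"/}          # path of FILE relative to TOP
    dir=$top
    while :; do
        case $(other_bits "$dir") in
            ??x|??t) ;;                                # x, or sticky + x
            *) printf '%s\n' "$dir"; return 0 ;;
        esac
        case $rest in
            */*) dir=$dir/${rest%%/*}; rest=${rest#*/} ;;
            *)   return 0 ;;                           # only the file name is left
        esac
    done
}

# List regular files under DIR that others can read. For the CA's secrets
# directory the expected output is empty.
world_readable_files() {
    find "$1" -type f -perm -004
}

# Usage: sh audit.sh /usr/local/etc/step /usr/local/etc/step/ca/config/ca.json
if [ "$#" -eq 2 ]; then
    blocked=$(first_blocked_dir "$1" "$2")
    [ -n "$blocked" ] && echo "others cannot traverse: $blocked"
    world_readable_files "$1/ca/secrets" | sed 's/^/readable by others: /'
fi
```
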