Installing OpenXPKI CA
- Connect the machine using PuTTY or another client.From the client, run thesudo su -command to go to the root user.Enter the root password.Innano /etc/apt/sources.list, change the source for installing the updates.Update the file. For example:# # deb cdrom:[Debian GNU/Linux testing _Buster_ - Official Snapshot amd64 DVD Binary-1 20190527-04:04]/ buster contrib main # deb cdrom:[Debian GNU/Linux testing _Buster_ - Official Snapshot amd64 DVD Binary-1 20190527-04:04]/ buster contrib main deb http://security.debian.org/debian-security buster/updates main contrib deb-src http://security.debian.org/debian-security buster/updates main contrib # buster-updates, previously known as 'volatile' # A network mirror was not selected during install. The following entries # are provided as examples, but you should amend them as appropriate # for your mirror of choice. # deb http://ftp.debian.org/debian/ buster-updates main deb-src http://ftp.debian.org/debian/ buster-updates main deb http://ftp.us.debian.org/debian/ buster mainSave the file.Run the following commands:
- apt-get update
- apt-get upgrade
Update the CA certificate lists in the server usingapt-get install ca-certificates.Installen_US.utf8 localeusingdpkg-reconfigure locales.Select theen_US.UTF-8 UTF-8locale, and then make it the default locale for the system.Use the Tab and spacebar keys for selecting and navigating the menu.Check the locales that you have generated usinglocale –a.Sample outputC C.UTF-8 en_IN en_IN.utf8 en_US.utf8 POSIXCopy the fingerprint of the OpenXPKI package usingnano /home/Release.key. For this instance, copy the key in/home.Type55D89776 006F632B E0196E3E D2495509 BAFDDC74 22FEAAD2 F055074E 0FE3A724as the value.Run the following command:gpg --print-md sha256 /home/Release.keyAdd the package using thewget https://packages.openxpki.org/v3/debian/Release.key -O - | apt-key add -command.Add the repository to your source list (buster) usingecho " deb http://packages.openxpki.org/v3/debian/ buster release" > /etc/apt/sources.list.d/openxpki.list, and thenapt update.Install MySQL and Perl MySQL binding usingapt install mariadb-server libdbd-mariadb-perl.Install apache2.2-common usingapt install apache2.Innano /etc/apt/sources.list, install the fastcgi module to speed up the user interface.We recommend usingmod_fcgid.Add thedeb http://http.us.debian.org/debian/ buster mainline in the file, and then save it.Run the following commands:apt-get updateapt install libapache2-mod-fcgidEnable the fastcgi module usinga2enmod fcgid.Install the OpenXPKI core package usingapt install libopenxpki-perl openxpki-cgi-session-driver openxpki-i18n.Restart the Apache® server usingservice apache2 restart.Check whether the installation is successful usingopenxpkiadm version.If the installation is successful, then the system shows the version of the installed OpenXPKI. For example,Version (core): 3.18.2.Create the empty database, and then assign the database user usingmariadb -u root -p.- This command must be typed in the client. Otherwise, you cannot enter the password.
- Type the password for the MySQL. For this instance,rootis the MySQL user.
- openxpkiis the user on which OpenXPKI is installed.
CREATE DATABASE openxpki CHARSET utf8; CREATE USER 'openxpki'@'localhost' IDENTIFIED BY 'openxpki'; GRANT ALL ON openxpki.* TO 'openxpki'@'localhost'; flush privileges;If the MySQL service is not running, then run/etc/init.d/mysql startto start the service.Typequitto exit from MySQL.Store the used credentials in/etc/openxpki/config.d/system/database.yaml.Sample file contentmain: debug: 0 type: MariaDB name: openxpki host: localhost port: 3306 user: openxpki passwd: openxpkiChangeuserandpasswdto match the MariaDB user name and password.Save the file.For empty database schema, runzcat /usr/share/doc/libopenxpki-perl/examples/schema-mariadb.sql.gz | \ mysql -u root --password --database openxpkifrom the provided schema file.Type the password for the database.