Could not find server key on iocage FreeBSD


#1

Hi everyone,
I’m trying to install passbolt in iocage FreeBSD 11.1 with apache 2.4 and php 7.2
It ends with ‘Error: Could not find server key’ right after the creation of the first user on login url.
I followed this topic : ttps://help.passbolt.com/hosting/install/ce/from-source
FYI, due to be in jail, I have to add --pinentry-mode loopback in gpg command

ports about gnupg

pkg install gnupg php72-pecl-gnupg

config/passbolt.php

‘serverKey’ => [
// Server private key fingerprint.
‘fingerprint’ => ‘my beautiful fingerprint’,
‘public’ => CONFIG . ‘gpg’ . DS . ‘serverkey.asc’,
‘private’ => CONFIG . ‘gpg’ . DS . ‘serverkey_private.asc’,

fingerprint

su - www -c ‘gpg --pinentry-mode loopback --gen-key’

serverkey.asc

su - www -c ‘gpg --armor --export postmaster@domain.local > gpg --armor --export postmaster@domain.local > /usr/local/www/apache24/data/passbolt/config/gpg/serverkey.asc’

serverkey_private.asc

su - www -c ‘gpg --armor --export-secret-keys postmaster@domain.local > /usr/local/www/apache24/data/passbolt/config/gpg/serverkey_private.asc’

passbolt/logs/error.log

2018-11-23 17:02:05 Error: [Cake\Network\Exception\InternalErrorException] The OpenPGP server key defined in the config could not be found in the GnuPG keyring.
Request URL: /auth/verify.json?api-version=v1

bin/cake passbolt healthcheck

su - www -c ‘/usr/local/www/apache24/data/passbolt/bin/cake passbolt healthcheck’

Environment

[PASS] PHP version 7.2.10.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable.
[PASS] The public image directory and its content are writable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.

Config files

[PASS] The application config file is present
[PASS] The passbolt config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to ttps://passbolt.domain.local
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] fopen(): SSL operation failed with code 1. OpenSSL Error messages:
error:14090086:SSL routines:ssl3_get_server_certificate:certificate verify failed
fopen(): Failed to enable crypto
fopen(ttps://passbolt.domain.local/healthcheck/status.json): failed to open stream: operation failed

Database

[PASS] The application is able to connect to the database
[PASS] 18 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.

GPG Configuration

[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /home/www/.gnupg.
[PASS] The directory /home/www/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server gpg key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt a message.
[PASS] The private key can be used to sign a message.
[PASS] The public and private keys can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.
[PASS] The private key can be used to decrypt and verify a message.
[PASS] The public key can be used to verify a signature.

Application configuration

[PASS] Using latest passbolt version (2.5.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

2 error(s) found. Hang in there!

I don’t know where is the mistake
Thanks


FreeBSD Error: Cloud not find server key
#2

Hi!

Could you confirm that the keys are on the http user gnupg keyring?

su -c "gpg -K" -s _path_to_shell_binary_ _your_http_user_

If they keys aren’t present you could import them using:

su -c "gpg --batch --import _path_of_your_gpg_key" -s _path_to_shell_binary_ _your_http_user_

Cheers.


#3

Hi,
I confirm that the keys are on http user : www

root@passbolt:~ # ps aux | grep www
www 47253 0.0 0.2 320740 29336 - IJ 10:58 0:00.13 /usr/local/sbin/httpd -DNOHTTPACCEPT
www 47254 0.0 0.1 286208 18792 - IJ 10:58 0:00.01 /usr/local/sbin/httpd -DNOHTTPACCEPT
www 47255 0.0 0.1 286208 18796 - IJ 10:58 0:00.01 /usr/local/sbin/httpd -DNOHTTPACCEPT
www 47256 0.0 0.1 286208 18540 - IJ 10:58 0:00.00 /usr/local/sbin/httpd -DNOHTTPACCEPT
www 47257 0.0 0.1 286208 18748 - IJ 10:58 0:00.00 /usr/local/sbin/httpd -DNOHTTPACCEPT
www 47268 0.0 0.2 318692 27276 - IJ 10:58 0:00.05 /usr/local/sbin/httpd -DNOHTTPACCEPT
www 47272 0.0 0.1 290432 22840 - SJ 10:58 0:00.05 /usr/local/sbin/httpd -DNOHTTPACCEPT
www 47273 0.0 0.1 286208 18528 - IJ 10:58 0:00.00 /usr/local/sbin/httpd -DNOHTTPACCEPT
www 47274 0.0 0.1 286208 18532 - IJ 10:58 0:00.00 /usr/local/sbin/httpd -DNOHTTPACCEPT
www 47275 0.0 0.1 286208 18532 - IJ 10:58 0:00.00 /usr/local/sbin/httpd -DNOHTTPACCEPT
www 56422 0.0 0.0 33656 3252 - SsJ 12:17 0:00.14 gpg-agent --homedir /home/www/.gnupg --use-standard-socket --daemon
www 56475 0.0 0.0 35392 2976 - IJ 12:17 0:00.05 scdaemon --multi-server
root 68016 0.0 0.0 14828 1928 0 S+J 13:58 0:00.00 grep www

or

root@passbolt:~ # grep User /usr/local/etc/apache24/httpd.conf
User www

or

root@passbolt:~ # su - www -c ‘gpg -K’
gpg: Warning: using insecure memory!
/home/www/.gnupg/pubring.kbx

sec rsa2048 2018-11-23 [SC] [expires: 2020-11-22]
my beautiful fingerprint
uid [ultimate] passbolt postmaster@domain.local
ssb rsa2048 2018-11-23 [E] [expires: 2020-11-22]


#4

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.