Server key fingerprint doesn't match

Server Configuration:
Debian 9.2.1
Apache 2.4.25
mySQL 10.1.26
PHP Version 7.0.19-1
Passbolt Version: Not installed yet

When running install (or healthcheck), I get an error that “The server key fingerprint doesn’t match the one defined in app/config.php”. I’ve looked for that file and can’t find it. I’ve gone through where I created the GPG key and done it a few times. I’ve edited the php file to have the correct GPG key each time still with the same error. I’ve got to be missing something simple. I followed the guide on medium.

NOTE: Since I’m a new user, it tells me I can only have two links in my message. I’m changing the // to –

Here are the results for the healthcheck:

Environment

[PASS] PHP version 7.0.19-1
[PASS] PCRE compiled with unicode support
[PASS] The temporary directory and its content are writable
[PASS] The public image directory and its content are writable

Config files

[PASS] The core config file is present
[PASS] The database config file is present
[PASS] The email config file is present
[PASS] The application config file is present

Core config

[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Unique value set for security.cipherSeed
[PASS] Full base url is set to https:–pw.ohvanhorn.com
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.

SSL Certificate

[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] stream_socket_client(): Peer certificate CN=debian.localno.local' did not match expected CN=pw.ohvanhorn.com
stream_socket_client(): Failed to enable crypto
stream_socket_client(): unable to connect to ssl:–pw.ohvanhorn.com:443 (Unknown error)

Database

[PASS] Configured to use a supported database backend
[PASS] The application is able to connect to the database
[PASS] Not using a prefix for database tables
[FAIL] No table found
[HELP] Run the install script to install the database tables
[HELP] sudo su -s /bin/bash -c "/var/www/passbolt/app/Console/cake install" www-data
[FAIL] No default content found
[HELP] Run the install script to set the default content such as roles and permission types
[HELP] sudo su -s /bin/bash -c "/var/www/passbolt/app/Console/cake install" www-data
[FAIL] The database schema is not up to date.
[HELP] Run the migration scripts:
[HELP] sudo su -s /bin/bash -c "/var/www/passbolt/app/Console/cake Migrations.migration run all" www-data
[HELP] See. https://www.passbolt.com/help/tech/update

GPG Configuration

[PASS] PHP GPG Module is installed and loaded
[PASS] The server gpg key is not the default one
[PASS] The environment variable GNUPGHOME is set to /var/www/passbolt/app/Config/gpg
[PASS] The directory /var/www/passbolt/app/Config/gpg containing the keyring is writable by the user the webserver is running as.
[PASS] The public key file is defined in app/config.php and readable.
[PASS] The private key file is defined in app/config.php and readable.
[FAIL] The server key fingerprint doesn’t match the one defined in app/config.php.
[HELP] Double check the key fingerprint, example:
[HELP] sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/www/passbolt/app/Config/gpg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'
[HELP] SERVER_KEY_EMAIL: The email you used when you generated the server key.
[HELP] See. https:–www.passbolt.com/help/tech/install#toc_gpg
[PASS] The server key defined in the app/Config.php is in the keyring.
[PASS] There is a valid email id defined for the server key.
[PASS] The public key can be used to encrypt and sign a message.
[PASS] The private key can be used to decrypt a message.

Application configuration

[PASS] Using latest passbolt version (1.6.5)
[PASS] Passbolt is configured to force SSL use
[PASS] App.fullBaseUrl is set to HTTPS
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.

Development Tools (optional)

[PASS] Phpunit is installed
[PASS] Phpunit version is 3.7.38

6 error(s) found. Hang in there!

I forgot to add, but this is running in vmWare

Can anyone offer any help, I’m so close to being done?

Hello David,

It looks like there is an error in the help comment; the config file is located there:

app/Config/app.php

Thanks for pointing that out.

Regarding your issue, can you confirm:

  • You have properly exported your keys (public and private) to the location defined by the GPG configuration in app/Config/app.php?
From medium doc:
gpg --armor --export-secret-keys SERVER_KEY_EMAIL > /var/www/passbolt/app/Config/gpg/serverkey.private.asc
gpg --armor --export SERVER_KEY_EMAIL > /var/www/passbolt/app/Config/gpg/serverkey.asc
  • The output of the command mentioned in the healthcheck help gives you the fingerprint of the key you defined in the GPG configuration in app/Config/app.php?
sudo su -s /bin/bash -c "gpg --list-keys --fingerprint --home /var/www/passbolt/app/Config/gpg" www-data | grep -i -B 2 'SERVER_KEY_EMAIL'

Note:

  • Ensure you have entered the fingerprint without spaces in the config file.
  • If you get several fingerprints for the same email address, you are probably not using the right one. You can delete your gpg keyring by removing the folder you mentioned in the GPG home configuration and restart the key creation process.
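
The two checks in the note above (fingerprint entered without spaces, and only one key per server e-mail) can be scripted; this is an added example, not part of the original reply and not passbolt code. It assumes gpg's machine-readable `--with-colons` listing instead of the human-readable output; the function names and the sample listings are constructed for illustration.

```shell
#!/bin/sh
# Added example (not passbolt code). Function names and sample data are constructed.

# Strip whitespace and upper-case, so "0123 4567 ..." compares equal to the
# space-free form the config file expects.
normalize_fpr() {
    printf '%s' "$1" | tr -d '[:space:]' | tr '[:lower:]' '[:upper:]'
}

# stdin: `gpg --list-keys --with-colons` output. Prints the primary-key
# fingerprint of every key that has a user ID containing the e-mail in $1.
# Subkey fingerprints (the fpr record after a sub record) are skipped.
primary_fprs_for_email() {
    awk -F: -v email="$1" '
        function emit() { if (fpr != "" && hit) print fpr }
        $1 == "pub" { emit(); fpr = ""; hit = 0; want = 1 }
        $1 == "sub" { want = 0 }
        $1 == "fpr" && want { fpr = $10; want = 0 }
        $1 == "uid" && index(tolower($10), tolower(email)) { hit = 1 }
        END { emit() }'
}

# $1 = fingerprint from the config file, $2 = server key e-mail, stdin = listing.
# Prints match | mismatch | ambiguous | no-key; exit status is 0 only on match.
check_server_fpr() {
    configured=$(normalize_fpr "$1")
    found=$(primary_fprs_for_email "$2")
    count=$(printf '%s\n' "$found" | awk 'NF { n++ } END { print n + 0 }')
    if [ "$count" -eq 0 ]; then echo "no-key"; return 2; fi
    if [ "$count" -gt 1 ]; then echo "ambiguous"; return 3; fi
    if [ "$configured" = "$found" ]; then echo "match"; return 0; fi
    echo "mismatch"; return 1
}

# Constructed listing: one key with a subkey; the values are not real keys.
SAMPLE_ONE_KEY='pub:u:2048:1:89ABCDEF01234567:1509494400:::u:::scESC:
fpr:::::::::0123456789ABCDEF0123456789ABCDEF01234567:
uid:u::::1509494400::HASH::Passbolt Server <server@example.test>:
sub:u:2048:1:FEDCBA9876543210:1509494400::::::e:
fpr:::::::::FEDCBA9876543210FEDCBA9876543210FEDCBA98:'

# Constructed listing: a second key generated later for the same e-mail.
SAMPLE_TWO_KEYS="$SAMPLE_ONE_KEY
pub:u:2048:1:0123456789ABCDEF:1509580800:::u:::scESC:
fpr:::::::::89ABCDEF0123456789ABCDEF0123456789ABCDEF:
uid:u::::1509580800::HASH::Passbolt Server <server@example.test>:"
```

Against a live keyring, pipe `gpg --homedir /var/www/passbolt/app/Config/gpg --list-keys --with-colons` (run as www-data) into `check_server_fpr` with the configured fingerprint and the server key e-mail as arguments. An `ambiguous` result corresponds to the "several fingerprints for the same email address" case described in the note.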
