Checklist
[x] I have read intro post: About the Installation Issues category
[x] I have read the tutorials, help and searched for similar issues
[x] I provide relevant information about my server (component names and versions, etc.)
[x] I provide a copy of my logs and healthcheck
[x] I describe the steps I have taken to trouble shoot the problem
[x] I describe the steps on how to reproduce the issue
Hi all,
Really sorry if this question has been asked a million times. I have searched the forums and I cannot seem to find the exact issue I am seeing.
My server is all setup and ready to go but using Apache not nginx on RockyLinux.
I have registered myself as a user by issuing the command ‘/bin/bash -c “./bin/cake passbolt register_user -u me.myself@mycompany.co.uk -f Me -l Myself -r admin” apache’
I then follow the registration URL that is generated. But I get this message:
If I select “Try with another email” and put the same email address in again, await my recovery email to arrive and follow the link I am asked for a private key? Where do I get this from?
If I click on “Help, I lost my private key” I get taken to the page to request a new account. If I create a new account the same thing happens again so I go round in circles.
I do have some errors in my health check but I don’t think they are related. I’m running the server internally on a local Intranet server therefore we have to use self signed certificates.
[root@g000081 passbolt]# cat /proc/sys/kernel/random/entropy_avail
4036
[root@g000081 passbolt]# /bin/bash -c "./bin/cake passbolt healthcheck" www-data
____ __ ____
/ __ \____ _____ ____/ /_ ____ / / /_
/ /_/ / __ `/ ___/ ___/ __ \/ __ \/ / __/
/ ____/ /_/ (__ |__ ) /_/ / /_/ / / /
/_/ \__,_/____/____/_.___/\____/_/\__/
Open source password manager for teams
-------------------------------------------------------------------------------
Healthcheck shell
-------------------------------------------------------------------------------
Environment
[PASS] PHP version 7.4.27.
[PASS] PCRE compiled with unicode support.
[PASS] The temporary directory and its content are writable and not executable.
[PASS] The logs directory and its content are writable.
[PASS] GD or Imagick extension is installed.
[PASS] Intl extension is installed.
[PASS] Mbstring extension is installed.
Config files
[PASS] The application config file is present
[PASS] The passbolt config file is present
Core config
[PASS] Debug mode is off.
[PASS] Cache is working.
[PASS] Unique value set for security.salt
[PASS] Full base url is set to https://passbolt.mycomany.local
[PASS] App.fullBaseUrl validation OK.
[PASS] /healthcheck/status is reachable.
SSL Certificate
[FAIL] SSL peer certificate does not validate
[FAIL] Hostname does not match when validating certificates.
[WARN] Using a self-signed certificate
[HELP] cURL Error (60) SSL certificate problem: self signed certificate in certificate chain
Database
[PASS] The application is able to connect to the database
[PASS] 26 tables found
[PASS] Some default content is present
[PASS] The database schema up to date.
GPG Configuration
[PASS] PHP GPG Module is installed and loaded.
[PASS] The environment variable GNUPGHOME is set to /root/.gnupg.
[PASS] The directory /root/.gnupg containing the keyring is writable by the webserver user.
[PASS] The server OpenPGP key is not the default one
[PASS] The public key file is defined in config/passbolt.php and readable.
[PASS] The private key file is defined in config/passbolt.php and readable.
[PASS] The server key fingerprint matches the one defined in config/passbolt.php.
[PASS] The server public key defined in the config/passbolt.php (or environment variables) is in the keyring.
[PASS] There is a valid email id defined for the server key.
[FAIL] The public key cannot be used to encrypt a message
[HELP] Make sure that the server private key is valid and that there is no passphrase.
[HELP] Make sure you imported the private server key in the keyring of the webserver user.
[HELP] you can try:
[HELP] sudo su -s /bin/bash -c "gpg --home /root/.gnupg --import /var/www/passbolt/config/gpg/serverkey_private.asc" root
[PASS] The private key can be used to sign a message.
[FAIL] The public and private keys cannot be used to encrypt and sign a message
[FAIL] The private key cannot be used to decrypt a message
[FAIL] The private key cannot be used to decrypt and verify a message
[FAIL] The public key cannot be used to verify a signature.
Application configuration
[PASS] Using latest passbolt version (3.4.0).
[PASS] Passbolt is configured to force SSL use.
[PASS] App.fullBaseUrl is set to HTTPS.
[PASS] Selenium API endpoints are disabled.
[PASS] Search engine robots are told not to index content.
[PASS] Registration is closed, only administrators can add users.
[PASS] Serving the compiled version of the javascript app
[PASS] All email notifications will be sent.
JWT Authentication
[WARN] The JWT Authentication plugin is disabled
[HELP] Set the environment variable PASSBOLT_PLUGINS_JWT_AUTHENTICATION_ENABLED to true
[FAIL] 7 error(s) found. Hang in there!
Can anyone assist? I’m so close, I can feel it!