Installing OpenXPKI CA

  1. Connect the machine using PuTTY or another client.
  2. From the client, run the sudo su - command to go to the root user.
  3. Enter the root password.
  4. In nano /etc/apt/sources.list, change the source for installing the updates.
  5. Update the file. For example: 
    #

# deb cdrom:[Debian GNU/Linux 8.11.1 _Jessie_ - Official amd64 CD Binary-1 20190211-02:10]/ jessie local main
# deb cdrom:[Debian GNU/Linux 8.11.1 _Jessie_ - Official amd64 CD Binary-1 20190211-02:10]/ jessie local main

deb http://security.debian.org/ jessie/updates main
deb-src http://security.debian.org/ jessie/updates main

# jessie-updates, previously known as 'volatile'
# A network mirror was not selected during install.  The following entries
# are provided as examples, but you should amend them as appropriate
# for your mirror of choice.
#
deb http://ftp.debian.org/debian/jessie-updates main
deb-src http://ftp.debian.org/debian/jessie-updates main
deb http://ftp.us.debian.org/debian/jessie main
  6. Save the file.
  7. Run the following commands:

    • apt-get update

    • apt-get upgrade

  8. Update the CA certificate lists in the server using apt-get install ca-certificates.
  9. Install en_US.utf8 locale using dpkg-reconfigure locales.
  10. Select the en_US.UTF-8 UTF-8 locale, and then make it the default locale for the system.
    Note: Use the Tab and spacebar keys for selecting and navigating the menu.
  11. Check the locales that you have generated using locale –a.

    Sample output 

    C
C.UTF-8
en_IN
en_IN.utf8
en_US.utf8
POSIX
  12. Copy the fingerprint of the OpenXPKI package using nano /home/Release.key. For this instance, copy the key in /home.
  13. Type 9B156AD0 F0E6A6C7 86FABE7A D8363C4E 1611A2BE 2B251336 01D1CDB4 6C24BEF3 as the value.
  14. Run the following command:

    gpg --print-md sha256 /home/Release.key

  15. Add the package using the wget https://packages.openxpki.org/v2/debian/Release.key -O - | apt-key add - command.
  16. Add the repository to your source list (jessie) using echo "deb http://packages.openxpki.org/v2/debian/jessie release" > /etc/apt/sources.list.d/openxpki.list, and then aptitude update.
  17. Install MySQL and Perl MySQL binding using aptitude install mysql-server libdbd-mysql-perl.
  18. Install apache2.2-common using aptitude install apache2.2-common.
  19. In nano /etc/apt/sources.list, install the fastcgi module to speed up the user interface.
    Note: We recommend using mod_fcgid.
  20. Add the deb http://http.us.debian.org/debian/jessie main line in the file, and then save it.
  21. Run the following commands:
    • apt-get update
    • aptitude install libapache2-mod-fcgid
  22. Enable the fastcgi module using a2enmod fcgid.
  23. Install the OpenXPKI core package using aptitude install libopenxpki-perl openxpki-cgi-session-driver openxpki-i18n.
  24. Restart the Apache® server using service apache2 restart.
  25. Check whether the installation is successful using openxpkiadm version.
    Note: If the installation is successful, then the system shows the version of the installed OpenXPKI. For example, Version (core): 2.5.5.
  26. Create the empty database, and then assign the database user using mysql -u root –p.
    Notes:
    • This command must be typed in the client. Otherwise, you cannot enter the password.
    • Type the password for the MySQL. For this instance, root is the MySQL user.
    • openxpki is the user on which OpenXPKI is installed.
    CREATE DATABASE openxpki CHARSET utf8; 
CREATE USER 'openxpki'@'localhost' IDENTIFIED BY 'openxpki';
GRANT ALL ON openxpki.* TO 'openxpki'@'localhost';
flush privileges;

    If the MySQL service is not running, then run /etc/init.d/mysql start to start the service.

  27. Type quit to exit from MySQL.
  28. Store the used credentials in /etc/openxpki/config.d/system/database.yaml.

    Sample file content 

    debug: 0
type: MySQL
name: openxpki
host: localhost
port: 3306
user: openxpki 
passwd: openxpki
    Note: Change user and passwd to match the MySQL user name and password.
  29. Save the file.
  30. For empty database schema, run zcat /usr/share/doc/libopenxpki-perl/examples/schema-mysql.sql.gz | \mysql -u root --password --database openxpki from the provided schema file.
  31. Enter the password for the database.