search

LibreSign / libresign

✍️ Nextcloud app to sign PDF documents
https://libresign.coop
GNU Affero General Public License v3.0
460 stars 53 forks source link

Problem with deploying jsign/cfssl using LibreSign documentation #564

Closed jehster closed 2 years ago

jehster commented 2 years ago

Hi,

I'm trying to install LibreSign, JSign and CFSSL, based on README. I've deployed a standalone server (Ubuntu 20.04, Apache 2.4 with mod-php, PHP 8, MariaDB, Nextcloud 23) Nextcloud is running good

I've installed LibreSign using occ : sudo -u www-data ./occ app:install libresign Next steps are KO : 

occ libresign:install:java
occ libresign:install:jsignpdf
occ libresign:install:cfssl

it leads to : There are no commands defined in the "libresign:install" namespace. If you have any idea on what I did wrong, it would be great.

regards

vitormattos commented 2 years ago

Hi @jehster, for now you will need do a handmade setup, The commands only will came on next version.

On release 2.4.5 you will need make a handmade setup.

jehster commented 2 years ago

Hi, Thanks for helping

I still have an error about Java : The command line tool java could not be found

But I manage to enable app and configure CFSSL.

I can now send a sign request but I can't set password because there is a tooltip on the password textbox that does not disappear.

vitormattos commented 2 years ago

You need install java or download all the jre for your environment. The java is necessary to run JSignPdf. You already did the setup of JSignPdf following the instructions from README? Only one observation about JSignPdf, is necessary use the version 1.6.5, not the 2.0.0

To set password you will need do the setup of CFSSL and configure the root certificate following the instructions on README

jehster commented 2 years ago

Java is installed as said on readme

Jsign is installed in 1.6.5 version as you tell me higher

CFSSL is setup as documented in readme

image

vitormattos commented 2 years ago

You generated the root certificate with success on settings > administration > LibreSign?

jehster commented 2 years ago

Yes, certificate has been successfully generated.

Maybe the problem comes from validation url. Whatever is the url I give, I can save it. I don't have 'Save' button

jehster commented 2 years ago

I manage to sign .. but have some weird problem :

QR code print on the file lead to the signing page of the file asking for password And the date is not written

image

And I still have some error in logs of cfssl :

2022/02/01 22:42:14 [INFO] Initializing signer
2022/02/01 22:42:14 [WARNING] couldn't initialize ocsp signer: open : no such file or directory
2022/02/01 22:42:14 [INFO] bundler API ready
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/bundle' is enabled
2022/02/01 22:42:14 [INFO] setting up key / CSR generator
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/newkey' is enabled
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/init_ca' is enabled
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/scan' is enabled
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/certinfo' is enabled
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/certadd' is enabled
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/newcert' is enabled
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/authsign' is enabled
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/info' is enabled
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/gencrl' is enabled
2022/02/01 22:42:14 [WARNING] endpoint 'revoke' is disabled: cert db not configured (missing -db-config)
2022/02/01 22:42:14 [INFO] endpoint '/' is enabled
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/sign' is enabled
2022/02/01 22:42:14 [WARNING] endpoint 'ocspsign' is disabled: signer not initialized
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/health' is enabled
2022/02/01 22:42:14 [WARNING] endpoint 'crl' is disabled: cert db not configured (missing -db-config)
2022/02/01 22:42:14 [INFO] endpoint '/api/v1/cfssl/scaninfo' is enabled
2022/02/01 22:42:14 [INFO] Handler set up complete.
2022/02/01 22:42:14 [INFO] Now listening on 0.0.0.0:8888
vitormattos commented 2 years ago

Hi, about qrcode is the URL that you put on settings > administration > LibreSign

The right URL is cloud.yourdomain.coop/apps/libresign/validation/ changing the domain for your domain.

At this moment LibreSign don't write the date and isn't possible change the footer.

The validation URL is very big, I recommend to create a rule on your http server to redirect a small URL with the UUID of file to long URL.

About CFSSL, the basic necessary to LibreSign work is OK. At this moment only use the endpoints health and newcert. I have plans to implement support to CRL and to use endpoint revoke.

About the save button to save validation URL, don't have, is saved automatically.

jehster commented 2 years ago

Ok, so if I understand well, everything is now ok :)

Last question .. is it possible to reduce the size of the QR code ? :)

thanks for helping

vitormattos commented 2 years ago

The qrcode is proportional to size of validation page URL. Now only is possible reduce the size with security creating a very small domain with UUID on path and implementing redirection to full URL of validation page like the example on README.

vitormattos commented 2 years ago

Check new version of LibreSign.