Initial Configuration of Security Server Fails

Problem

Initial configuration of Security Server fails after submitting the Token PIN form. After setting the Security Server PIN code as the last step of the initial configuration process and submitting the form, the form remains pending. Normally, the Clients view should appear after submitting the form, but in this case the Token PIN view remains visible.

When submitting the form, the following lines are written to the Security Server UI log file:

2022-02-28T10:29:40.888Z [https-jsse-nio-4000-exec-10] correlation-id:[953029316b93f8b0] INFO  o.n.x.s.r.s.InitializationService - Generationg GPG keypair with command '/usr/share/xroad/scripts/generate_gpg_keypair.sh [/etc/xroad/gpghome, instanceIdentifier/memberClass/memberCode/serverCode]'
2022-02-28T10:29:40.888Z [https-jsse-nio-4000-exec-10] correlation-id:[953029316b93f8b0] INFO  o.n.x.s.r.s.ExternalProcessRunner - Running an external command: /usr/share/xroad/scripts/generate_gpg_keypair.sh /etc/xroad/gpghome instanceIdentifier/memberClass/memberCode/serverCode

The reason for the problem is that generating the Security Server's internal GPG keypair fails because of lack of entropy in the system. To verify this, run the following command that tells the amount available entropy in the system:

cat /proc/sys/kernel/random/entropy_avail

If the number returned by the command is less than 1000, it indicates that there's not enough entropy available for the key generation. In that case, it's strongly recommended to install the "rng-tools" package before configuring the Security Server.

Solution

Install the "rng-tools" package before configuring the Security Server.

1. Install "rng-tools" package.

   # Ubuntu 18/20
   sudo apt-get install rng-tools -y
   
   # RHEL7/8
   sudo yum install rng-tools -y

2. Enable the "rngd" service at boot and start the "rngd" service.

   sudo systemctl enable rngd
   sudo systemctl start rngd

3. Check the available entropy in the system.

   cat /proc/sys/kernel/random/entropy_avail

4. Now the result should be over 1000.
5. Remove the previous installation of the Security Server using these instructions.
6. Re-install the Security Server.
7. Configure the Security Server.

Related articles

• Page:
  I Have Forgotten the PIN Code of the Central Server
• Page:
  Client Specifies HTTPS But Did Not Supply TLS Certificate
• Page:
  I Have Forgotten the PIN Code of the Security Server
• Page:
  Error With The X-Road Package Repository Metadata
• Page:
  Software token logs itself out on the Security Server