/
Initial Configuration of Security Server Fails

Initial Configuration of Security Server Fails

Owned by Petteri Kivimäki
Feb 28, 2022

Problem

Initial configuration of Security Server fails after submitting the Token PIN form. After setting the Security Server PIN code as the last step of the initial configuration process and submitting the form, the form remains pending. Normally, the Clients view should appear after submitting the form, but in this case the Token PIN view remains visible.

When submitting the form, the following lines are written to the Security Server UI log file:

/var/log/xroad/proxy_ui_api.log
2022-02-28T10:29:40.888Z [https-jsse-nio-4000-exec-10] correlation-id:[953029316b93f8b0] INFO  o.n.x.s.r.s.InitializationService - Generationg GPG keypair with command '/usr/share/xroad/scripts/generate_gpg_keypair.sh [/etc/xroad/gpghome, instanceIdentifier/memberClass/memberCode/serverCode]'
2022-02-28T10:29:40.888Z [https-jsse-nio-4000-exec-10] correlation-id:[953029316b93f8b0] INFO  o.n.x.s.r.s.ExternalProcessRunner - Running an external command: /usr/share/xroad/scripts/generate_gpg_keypair.sh /etc/xroad/gpghome instanceIdentifier/memberClass/memberCode/serverCode

The reason for the problem is that generating the Security Server's internal GPG keypair fails because of lack of entropy in the system. To verify this, run the following command that tells the amount available entropy in the system:

cat /proc/sys/kernel/random/entropy_avail

If the number returned by the command is less than 1000, it indicates that there's not enough entropy available for the key generation. In that case, it's strongly recommended to install the "rng-tools" package before configuring the Security Server.

Solution

Install the "rng-tools" package before configuring the Security Server.

  1. Install "rng-tools" package.
    # Ubuntu 18/20
sudo apt-get install rng-tools -y

# RHEL7/8
sudo yum install rng-tools -y
  2. Enable the "rngd" service at boot and start the "rngd" service.
    sudo systemctl enable rngd
sudo systemctl start rngd
  3. Check the available entropy in the system.
    cat /proc/sys/kernel/random/entropy_avail
  4. Now the result should be over 1000.
  5. Remove the previous installation of the Security Server using these instructions.
  6. Re-install the Security Server.
  7. Configure the Security Server.

Related content

How to Configure Central Server?
How to Configure Central Server?
X-Road Knowledge Base
Read with this
I Have Forgotten the PIN Code of the Security Server
I Have Forgotten the PIN Code of the Security Server
X-Road Knowledge Base
More like this
Software token logs itself out on the Security Server
Software token logs itself out on the Security Server
X-Road Knowledge Base
More like this
Sending Authentication Certificate Registration Request from the Security Server to the Central Server Fails
Sending Authentication Certificate Registration Request from the Security Server to the Central Server Fails
X-Road Knowledge Base
More like this
I Have Forgotten the PIN Code of the Central Server
I Have Forgotten the PIN Code of the Central Server
X-Road Knowledge Base
More like this
How to Enter the Security Server PIN Code Automatically?
How to Enter the Security Server PIN Code Automatically?
X-Road Knowledge Base
More like this