"PKI Subsystem Configuration" help (RD@WoSign)
by wosign .cn
Hi, all,
I am trying to install Dogtag Certificate System, but at the
"PKI Subsystem Configuration", we have the problem at step: "Creat e a New
Securit y Domain", whatever we enter, it display error "$errorString", and
if we choose the "*Join an Existing Security Domain *", it display error
"org.xml.sax.SAXParseException: The string "--" is not permitted within
comments.
Maybe some components or configure is error, but I setup and configure pki
subsystem(include Requirements and runtime tool) by the site:
http://pki.fedoraproject.org/wiki/PKI_Install_Guide ,
the infomation of my configure and environment:
hostname: wotestca.com
step 1:
============================================================
Starting pki-ca: [OK]
pki-ca (pid 2817) is running ...
'pki-ca' must still be CONFIGURED!
(see /var/log/pki-ca-install.log)
Before proceeding with the configuration, make sure
the firewall settings of this machine permit proper
access to this subsystem.
Please start the configuration by accessing:
https://wotestca.com
:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz<https://wosignfedora:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYk...>
After configuration, the server can be operated by the command:
/sbin/service pki-cad restart pki-ca
------------------------------------------------------------------------------------------------------------------------
step 2:
open : "https://wotestca.com
:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz<https://wofedora:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz>
"
to CA Setup Wizard
step 3:
choose* "Create a New Security Domain", * enter " testwosecdomain" and
click "NEXT>" button,
return errror"Invalid characters found in Security Domain Name
testwosecdomain. Valid characters are A-Z, a-z, 0-9, dash and space"
choose "*Join an Existing Security Domain *" ,
if enter "https://wotestca.com:9445 <https://wofedora:9445/>"
return error "org.xml.sax.SAXParseException: The string "--" is not
permitted within comments"
if enter" https://wotestca.com:9443" or " https://wotestca.com:9446"
return error "Illegal SSL Admin HTTPS url value for the security domain "
check the directory server:
#service dirsrv status
#dirsrv testca (pid 3342) is running......
So, we can't go on, please tell me what's the problem, and how to do?
thanks a lot.
--
Best Regards,
jeff
13 years, 4 months
problem compiling pki-utils
by Alexander V Vershilov
Hello.
I'm trying to build pki-utils on my Gentoo linux. And I cannot compile
pki-utils because I'm getting error:
[javac] /var/tmp/portage/app-pki/pki-util-1.3.1/work/pki-util-1.3.1/src/com/netscape/cmsutil/crypto/CryptoUtil.java:155: cannot find symbol
[javac] symbol : class Usage
[javac] location: class org.mozilla.jss.crypto.KeyPairGeneratorSpi
[javac]
org.mozilla.jss.crypto.KeyPairGeneratorSpi.Usage[] usage_mask)
So I see that you have used special jss version with additional classes
such as Usage class.
I want to ask where could I get pathes from? Or maybe I've done something wrong.
I've taken pki from: http://pki.fedoraproject.org/pki/sources/pki-util/pki-util-1.3.1.tar.gz
and used jss-4.3 from: cvs-mirror.mozilla.org
--
Best regards
Alexander V Vershilov
14 years, 5 months
Re: [Pki-devel] "PKI Subsystem Configuration" help (RD@WoSign)
by Kashyap Chamarthy
(adding list)
On 07/19/2010 02:01 PM, RD@WoSign wrote:
> kashyap,
> Thank you for help.I have tried serval times by your advises on
> fedora12 or fedora13,but still failed.
> Install Dogtag Certificate System on fedora12, if I choose "Create a New
> Security Domain",whatever we enter, there is nothing to display,
> if choose "Join an Existing Security Domain ",it display error
> "org.xml.sax.SAXParseException: The string "--" is not permitted
> within comments.
I'm not sure, why you're hitting that message if you're using a domain name with valid
sane characters. As I mentioned earlier, it works perfectly fine for me with exact
security domain name as yours on Fedora12.
>
> There are also several doubts at the installation process:
> 1. On fedora 12, download the Binary Packages of Dogtag
> Certificate System 1.3 and later, include header(dir),repodata(dir) and
> *.rpm, but i don't known how to use.
Dogtag Certificate system 1.3 onwards, is now included in the Fedora repositories. So,
binary packages download is not necessary.
> 2. if i install the dogtag-pki, the SubSystem(pki-ca pki-kra and so
> on) will be setup, Both methods are equivalent?
Yes,
On a clean machine, installing 'dogtag-pki' should give you all subsystems. (dogtag-pki is
a meta package which will install all the required components)
-----
# yum install dogtag-pki
-----
/kashyap
> Look forward to your help,
> jeff
>
> 2010/7/13 Kashyap Chamarthy <kchamart(a)redhat.com
> <mailto:kchamart@redhat.com>>
>
> On 07/13/2010 08:06 AM, RD@WoSign wrote:
>
> Hi, all,
> I am trying to install Dogtag Certificate System, but at the
> "PKI
> Subsystem Configuration", we have the problem at step: "Creat e
> a New
> Securit y Domain", whatever we enter, it display error
> "$errorString",
> and if we choose the "*Join an Existing Security Domain *", it
> display
> error "org.xml.sax.SAXParseException: The string "--" is not
> permitted
> within comments.
> Maybe some components or configure is error, but I setup and
> configure
> pki subsystem(include Requirements and runtime tool) by the
> site:http://pki.fedoraproject.org/wiki/PKI_Install_Guide ,
>
> the infomation of my configure and environment:
>
> hostname: wotestca.com <http://wotestca.com/>
> <http://wotestca.com <http://wotestca.com/>>
>
> step 1:
> ============================================================
> Starting pki-ca: [OK]
> pki-ca (pid 2817) is running ...
> 'pki-ca' must still be CONFIGURED!
> (see /var/log/pki-ca-install.log)
> Before proceeding with the configuration, make sure
> the firewall settings of this machine permit proper
> access to this subsystem.
> Please start the configuration by accessing:
> https://wotestca.com:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYk...
> After configuration, the server can be operated by the command:
> /sbin/service pki-cad restart pki-ca
> ------------------------------------------------------------------------------------------------------------------------
>
> step 2:
> open :
> "https://wotestca.com:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYk..."
> to CA Setup Wizard
>
> step 3:
> choose "Create a New Security Domain", enter "
> testwosecdomain"
> and click "NEXT>" button,
>
>
> I tried same value you used above (_without_ the double quotes) on
> Fedora-12 for a 'New Security domain' and I was able to proceed
> perfectly fine.
>
>
> return errror"Invalid characters found in Security Domain Name
> testwosecdomain. Valid characters are A-Z, a-z, 0-9, dash and space"
>
>
> This clearly mentions what characters are 'valid'. Maybe you want to
> double-check that you're not inadvertently entering invalid
> characters(like "").
>
> hope that helps,
>
> /kashyap
>
>
>
>
> choose "Join an Existing Security Domain " ,
> if enter "https://wotestca.com:9445 <https://wotestca.com:9445/>
> <https://wotestca.com:9445/>"
>
> return error "org.xml.sax.SAXParseException: The string "--" is not
> permitted within comments"
>
> if enter" https://wotestca.com:9443 <https://wotestca.com:9443/>
> <https://wotestca.com:9443/>" or "
> https://wotestca.com:9446 <https://wotestca.com:9446/>
> <https://wotestca.com:9446/>"
>
> return error "Illegal SSL Admin HTTPS url value for the security
> domain "
>
>
> check the directory server:
> #service dirsrv status
> #dirsrv testca (pid 3342) is running......
>
> So, we can't go on, please tell me what's the problem, and how
> to do?
> thanks a lot.
>
> --
> Best Regards,
> jeff
>
>
>
> _______________________________________________
> Pki-devel mailing list
> Pki-devel(a)redhat.com <mailto:Pki-devel@redhat.com>
> https://www.redhat.com/mailman/listinfo/pki-devel
>
>
>
14 years, 5 months
"PKI Subsystem Configuration" help (RD@WoSign)
by RD@WoSign
Hi, all,
I am trying to install Dogtag Certificate System, but at the "PKI
Subsystem Configuration", we have the problem at step: "Creat e a New
Securit y Domain", whatever we enter, it display error "$errorString", and
if we choose the "*Join an Existing Security Domain *", it display error
"org.xml.sax.SAXParseException: The string "--" is not permitted within
comments.
Maybe some components or configure is error, but I setup and configure pki
subsystem(include Requirements and runtime tool) by the site:
http://pki.fedoraproject.org/wiki/PKI_Install_Guide ,
the infomation of my configure and environment:
hostname: wotestca.com
step 1:
============================================================
Starting pki-ca: [OK]
pki-ca (pid 2817) is running ...
'pki-ca' must still be CONFIGURED!
(see /var/log/pki-ca-install.log)
Before proceeding with the configuration, make sure
the firewall settings of this machine permit proper
access to this subsystem.
Please start the configuration by accessing:
https://wotestca.com:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYk...
After configuration, the server can be operated by the command:
/sbin/service pki-cad restart pki-ca
------------------------------------------------------------------------------------------------------------------------
step 2:
open : "
https://wotestca.com:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYk...
"
to CA Setup Wizard
step 3:
choose "Create a New Security Domain", enter " testwosecdomain" and
click "NEXT>" button,
return errror"Invalid characters found in Security Domain Name
testwosecdomain. Valid characters are A-Z, a-z, 0-9, dash and space"
choose "Join an Existing Security Domain " ,
if enter "https://wotestca.com:9445"
return error "org.xml.sax.SAXParseException: The string "--" is not
permitted within comments"
if enter" https://wotestca.com:9443" or " https://wotestca.com:9446"
return error "Illegal SSL Admin HTTPS url value for the security domain "
check the directory server:
#service dirsrv status
#dirsrv testca (pid 3342) is running......
So, we can't go on, please tell me what's the problem, and how to do?
thanks a lot.
--
Best Regards,
jeff
14 years, 5 months
"PKI Subsystem Configuration" help
by RD@WoSign
Hi, all,
I am trying to install Dogtag Certificate System, but at the "PKI Subsystem
Configuration", we have the problem at step: "Creat e a New Securit y
Domain", whatever we enter, it display error "$errorString", and if we
choose the "*Join an Existing Security Domain *", it display error
"org.xml.sax.SAXParseException:
The string "--" is not permitted within comments."
So, we can't go on, please tell me what's the problem, and how to do? thanks
a lot.
Best Regards,
Jeff
14 years, 5 months