"PKI Subsystem Configuration" help (RD@WoSign)
by wosign .cn
Hi, all,
I am trying to install Dogtag Certificate System, but at the
"PKI Subsystem Configuration", we have the problem at step: "Creat e a New
Securit y Domain", whatever we enter, it display error "$errorString", and
if we choose the "*Join an Existing Security Domain *", it display error
"org.xml.sax.SAXParseException: The string "--" is not permitted within
comments.
Maybe some components or configure is error, but I setup and configure pki
subsystem(include Requirements and runtime tool) by the site:
http://pki.fedoraproject.org/wiki/PKI_Install_Guide ,
the infomation of my configure and environment:
hostname: wotestca.com
step 1:
============================================================
Starting pki-ca: [OK]
pki-ca (pid 2817) is running ...
'pki-ca' must still be CONFIGURED!
(see /var/log/pki-ca-install.log)
Before proceeding with the configuration, make sure
the firewall settings of this machine permit proper
access to this subsystem.
Please start the configuration by accessing:
https://wotestca.com
:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz<https://wosignfedora:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYk...>
After configuration, the server can be operated by the command:
/sbin/service pki-cad restart pki-ca
------------------------------------------------------------------------------------------------------------------------
step 2:
open : "https://wotestca.com
:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz<https://wofedora:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz>
"
to CA Setup Wizard
step 3:
choose* "Create a New Security Domain", * enter " testwosecdomain" and
click "NEXT>" button,
return errror"Invalid characters found in Security Domain Name
testwosecdomain. Valid characters are A-Z, a-z, 0-9, dash and space"
choose "*Join an Existing Security Domain *" ,
if enter "https://wotestca.com:9445 <https://wofedora:9445/>"
return error "org.xml.sax.SAXParseException: The string "--" is not
permitted within comments"
if enter" https://wotestca.com:9443" or " https://wotestca.com:9446"
return error "Illegal SSL Admin HTTPS url value for the security domain "
check the directory server:
#service dirsrv status
#dirsrv testca (pid 3342) is running......
So, we can't go on, please tell me what's the problem, and how to do?
thanks a lot.
--
Best Regards,
jeff
13 years, 4 months
Fwd: Dogtag - subjectAltName not correctly substituted: $request.requestor_email$
by Frederic d'Huart
Dears,
Already submitted few days ago to the pki-user list.
Could you help me dealing with this issue ?
Thank you.
-------- Original Message --------
Subject: Dogtag - subjectAltName not correctly substituted:
$request.requestor_email$
Date: Mon, 20 Sep 2010 23:28:54 +0200
From: Frederic d'Huart <fdh(a)x-zone.org>
To: pki-users(a)redhat.com
FC12 latest update.
pki-ca v1.3.6-1.fc12 and pki-ra v 1.3.1-1.fc12
yum repo fetch from: http://pki.fedoraproject.org/pki/download/pki/pki.repo
When trying to generate a user certificate using the RA end user
interface, I have notice the subjectAltName was not substituted correctly.
My user certs always display:
X509v3 Subject Alternative Name:
email:$request.requestor_email$
The only reference found was related to RH Cert Manager on the following
link:
http://www.redhat.com/docs/manuals/cert-system/8.0/rel-notes/html/Release...
defined as Bug N° 238039 but no workaround proposed.
Does somebody knows how to fix this issue ?
Thank you.
14 years, 3 months
