"PKI Subsystem Configuration" help (RD@WoSign)
by wosign .cn
Hi, all,
I am trying to install Dogtag Certificate System, but at the
"PKI Subsystem Configuration", we have the problem at step: "Creat e a New
Securit y Domain", whatever we enter, it display error "$errorString", and
if we choose the "*Join an Existing Security Domain *", it display error
"org.xml.sax.SAXParseException: The string "--" is not permitted within
comments.
Maybe some components or configure is error, but I setup and configure pki
subsystem(include Requirements and runtime tool) by the site:
http://pki.fedoraproject.org/wiki/PKI_Install_Guide ,
the infomation of my configure and environment:
hostname: wotestca.com
step 1:
============================================================
Starting pki-ca: [OK]
pki-ca (pid 2817) is running ...
'pki-ca' must still be CONFIGURED!
(see /var/log/pki-ca-install.log)
Before proceeding with the configuration, make sure
the firewall settings of this machine permit proper
access to this subsystem.
Please start the configuration by accessing:
https://wotestca.com
:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz<https://wosignfedora:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYk...>
After configuration, the server can be operated by the command:
/sbin/service pki-cad restart pki-ca
------------------------------------------------------------------------------------------------------------------------
step 2:
open : "https://wotestca.com
:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz<https://wofedora:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz>
"
to CA Setup Wizard
step 3:
choose* "Create a New Security Domain", * enter " testwosecdomain" and
click "NEXT>" button,
return errror"Invalid characters found in Security Domain Name
testwosecdomain. Valid characters are A-Z, a-z, 0-9, dash and space"
choose "*Join an Existing Security Domain *" ,
if enter "https://wotestca.com:9445 <https://wofedora:9445/>"
return error "org.xml.sax.SAXParseException: The string "--" is not
permitted within comments"
if enter" https://wotestca.com:9443" or " https://wotestca.com:9446"
return error "Illegal SSL Admin HTTPS url value for the security domain "
check the directory server:
#service dirsrv status
#dirsrv testca (pid 3342) is running......
So, we can't go on, please tell me what's the problem, and how to do?
thanks a lot.
--
Best Regards,
jeff
13 years, 4 months
pki-dogtag operation(ca , subca)
by RD@WoSign
hi,all,
I have installed Dogtag Certificate System by
pki_install_guide,include ca, subca, kra, ocsp,tks,ra and tps, configure is
finished.
i have problem in using the Dogtag Certificate Sytem, there many main
requestes follow.
note: my test domain is wotest.com , operate platform is fedora 13
* 1.* after pkicreate and configure,Enrollment Certificate by URL *
https://wotest.com:9444/ca/ee/ca/ * and Issue Certifite are OK,
but i access subca Agent Service, can't fetch the subca's Certificate
Enrollment submited by SSL END USER SERVICES(*
https://wotest.com:9544/ca/ee/ca*/).
Subca's Agent Service Click *List
Requests<https://woto.localdomain:9443/ca/agent/ca/frameListReq.html>
* display :
*Problem Processing Your Request * *
*
*The Certificate Manager encountered an unexpected error while processing
your request. The following is a detailed message of the error that
occurred.
*
*Invalid Credential.
*
*Please consult your local administrator for further assistance. The
Certificate System logs may provide further information. *
* 2.* if I restart fc13 and execute the "service pki-cad start " ,display:
* pki-ca (pid 3386) is running ...
Unsecure Port = http://wotest.com:9180/ca/ee/ca
Secure Agent Port = https://wotest.com:9443/ca/agent/ca
Secure EE Port = https://wotest.com:9444/ca/ee/ca
Secure Admin Port = https://wotest.com:9445/ca/services
EE Client Auth Port = https://wotest.com:9446/ca/eeca/ca
PKI Console Port = pkiconsole https://wotest.com:9445/ca* *
Tomcat Port = 9701 (for shutdown)
PKI Instance Name: pki-ca
PKI Subsystem Type: Root CA (Security Domain)
Registered PKI Security Domain Information:
==========================================================================
Name: wotest
URL: https://wotest.com:9445
==========================================================================
[root@woto jeff]# service pki-cad start pki-subca
Starting pki-subca:
[确定]
pki-subca (pid 4341) is running ...
Unsecure Port = http://wotest.com:9580/ca/ee/ca
Secure Agent Port = https://wotest.com:9543/ca/agent/ca
Secure EE Port = https:/wotest.com:9544/ca/ee/ca
Secure Admin Port = https://wotest.com:9545/ca/services
EE Client Auth Port = https://wotest.com:9546/ca/eeca/ca
PKI Console Port = pkiconsole https://wotest.com:9545/ca
Tomcat Port = 9801 (for shutdown)
PKI Instance Name: pki-subca
PKI Subsystem Type: Subordinate CA
Registered PKI Security Domain Information:
==========================================================================
Name: wotest
URL: https://wotest.com:9445
==========================================================================*
if i access Agent Services in CA or SUBCA, Click *List
Requests<https://woto.localdomain:9443/ca/agent/ca/frameListReq.html>
* display :
*Problem Processing Your Request * *
*
*The Certificate Manager encountered an unexpected error while processing
your request. The following is a detailed message of the error that
occurred.
*
*Invalid Credential.
*
*Please consult your local administrator for further assistance. The
Certificate System logs may provide further information.
*
So, we can't go on, please tell me what's the problem, and how to do?
thanks a lot.
--
Best Regards,
jeff
13 years, 11 months