"PKI Subsystem Configuration" help (RD@WoSign)
by wosign .cn
Hi, all,
I am trying to install Dogtag Certificate System, but at the
"PKI Subsystem Configuration", we have the problem at step: "Creat e a New
Securit y Domain", whatever we enter, it display error "$errorString", and
if we choose the "*Join an Existing Security Domain *", it display error
"org.xml.sax.SAXParseException: The string "--" is not permitted within
comments.
Maybe some components or configure is error, but I setup and configure pki
subsystem(include Requirements and runtime tool) by the site:
http://pki.fedoraproject.org/wiki/PKI_Install_Guide ,
the infomation of my configure and environment:
hostname: wotestca.com
step 1:
============================================================
Starting pki-ca: [OK]
pki-ca (pid 2817) is running ...
'pki-ca' must still be CONFIGURED!
(see /var/log/pki-ca-install.log)
Before proceeding with the configuration, make sure
the firewall settings of this machine permit proper
access to this subsystem.
Please start the configuration by accessing:
https://wotestca.com
:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz<https://wosignfedora:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYk...>
After configuration, the server can be operated by the command:
/sbin/service pki-cad restart pki-ca
------------------------------------------------------------------------------------------------------------------------
step 2:
open : "https://wotestca.com
:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz<https://wofedora:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz>
"
to CA Setup Wizard
step 3:
choose* "Create a New Security Domain", * enter " testwosecdomain" and
click "NEXT>" button,
return errror"Invalid characters found in Security Domain Name
testwosecdomain. Valid characters are A-Z, a-z, 0-9, dash and space"
choose "*Join an Existing Security Domain *" ,
if enter "https://wotestca.com:9445 <https://wofedora:9445/>"
return error "org.xml.sax.SAXParseException: The string "--" is not
permitted within comments"
if enter" https://wotestca.com:9443" or " https://wotestca.com:9446"
return error "Illegal SSL Admin HTTPS url value for the security domain "
check the directory server:
#service dirsrv status
#dirsrv testca (pid 3342) is running......
So, we can't go on, please tell me what's the problem, and how to do?
thanks a lot.
--
Best Regards,
jeff
13 years, 4 months
[PATCH 1/2] Display user-supplied extension details on the request review page
by Joshua Roys
Hello,
Attached is a patch to display the details of the user-supplied
extension that has been copied from the certificate request. (We use
the user-supplied extension default to copy all subject alt names from
the request into the certificate. Having to copy the certificate
request to a terminal to verify the alt names before approval was
cumbersome. See patch #2.)
Thanks,
Joshua Roys
13 years, 7 months
[PATCH] Allow arbitrary profiles to use KRA archival
by Joshua Roys
Hello,
Attached is a patch that will allow arbitrary enrollment profiles to
utilize a KRA, if one is set up. Simply add an "archive=true" line to
the profile and restart the CA. No additional logic is added on the
client/js side to see if the profile really is an encryption and not a
signing cert request.
Comments?
Thanks,
Joshua Roys
13 years, 7 months
