"PKI Subsystem Configuration" help (RD@WoSign)
by wosign .cn
Hi, all,
I am trying to install Dogtag Certificate System, but at the
"PKI Subsystem Configuration", we have the problem at step: "Creat e a New
Securit y Domain", whatever we enter, it display error "$errorString", and
if we choose the "*Join an Existing Security Domain *", it display error
"org.xml.sax.SAXParseException: The string "--" is not permitted within
comments.
Maybe some components or configure is error, but I setup and configure pki
subsystem(include Requirements and runtime tool) by the site:
http://pki.fedoraproject.org/wiki/PKI_Install_Guide ,
the infomation of my configure and environment:
hostname: wotestca.com
step 1:
============================================================
Starting pki-ca: [OK]
pki-ca (pid 2817) is running ...
'pki-ca' must still be CONFIGURED!
(see /var/log/pki-ca-install.log)
Before proceeding with the configuration, make sure
the firewall settings of this machine permit proper
access to this subsystem.
Please start the configuration by accessing:
https://wotestca.com
:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz<https://wosignfedora:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYk...>
After configuration, the server can be operated by the command:
/sbin/service pki-cad restart pki-ca
------------------------------------------------------------------------------------------------------------------------
step 2:
open : "https://wotestca.com
:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz<https://wofedora:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz>
"
to CA Setup Wizard
step 3:
choose* "Create a New Security Domain", * enter " testwosecdomain" and
click "NEXT>" button,
return errror"Invalid characters found in Security Domain Name
testwosecdomain. Valid characters are A-Z, a-z, 0-9, dash and space"
choose "*Join an Existing Security Domain *" ,
if enter "https://wotestca.com:9445 <https://wofedora:9445/>"
return error "org.xml.sax.SAXParseException: The string "--" is not
permitted within comments"
if enter" https://wotestca.com:9443" or " https://wotestca.com:9446"
return error "Illegal SSL Admin HTTPS url value for the security domain "
check the directory server:
#service dirsrv status
#dirsrv testca (pid 3342) is running......
So, we can't go on, please tell me what's the problem, and how to do?
thanks a lot.
--
Best Regards,
jeff
13 years, 4 months
Re: [Pki-devel] Error ffffe009
by Andrew Wnuk
Whatever you have configured. By default MasterCRL. Check the agent UI
to be sure.
On 11/10/10 13:50, edgard wrote:
> Ok
>
> The issuing point will be????? for i would edit
>
> EdgardCosta
>
>
>
> EdgardEm 10-11-2010 18:36, Andrew Wnuk escreveu:
>> EdgardCosta,
>>
>> Firefox picks the wrong URL. Correct URL is
>> /https://<host-name>:9444/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=<issuing-point-name>/,
>> but Firefox picks /https://<host-name>:9444/ca/ee/ca/getCRL /instead.
>>
>> Thank you,
>> Andrew
>>
>> On 11/10/10 09:29, EdgardCosta wrote:
>>> Andrew
>>>
>>> I´m using dogtag -pki 1.3.6 noarch release 1.el5 in centos 5
>>>
>>> This error show up when we leave the firefox crl configurations
>>> automatic
>>>
>>>
>>>
>>> Very of our clients are complaining about this
>>>
>>> EdgardCosta
>>>
>>>
>>>
>>> Em 10/11/2010 14:48, Andrew Wnuk escreveu:
>>>> EdgardCosta,
>>>>
>>>> Could provide more details on versions, platforms, and how to
>>>> reproduce your case?
>>>>
>>>> Thank you,
>>>> Andrew
>>>>
>>>> On 11/10/10 02:53, edgard wrote:
>>>>> Error message when systems try to automatically upload CRL. Error
>>>>> ffffe009.
>>>>>
>>>>> I think that is something with Firefox. In google there are people
>>>>> claiming to have the same error with CRLs created it from openssl.
>>>>> Is this real? How to fix this problem?
>>>>>
>>>>> EdgardCosta
>>>>>
>>>>> _______________________________________________
>>>>> Pki-devel mailing list
>>>>> Pki-devel(a)redhat.com <mailto:Pki-devel@redhat.com>
>>>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>>>
>>>>
>>> A
>>
>
14 years, 1 month
Re: [Pki-devel] Error ffffe009
by Andrew Wnuk
EdgardCosta,
Firefox picks the wrong URL. Correct URL is
/https://<host-name>:9444/ca/ee/ca/getCRL?op=getCRL&crlIssuingPoint=<issuing-point-name>/,
but Firefox picks /https://<host-name>:9444/ca/ee/ca/getCRL /instead.
Thank you,
Andrew
On 11/10/10 09:29, EdgardCosta wrote:
> Andrew
>
> I´m using dogtag -pki 1.3.6 noarch release 1.el5 in centos 5
>
> This error show up when we leave the firefox crl configurations automatic
>
>
>
> Very of our clients are complaining about this
>
> EdgardCosta
>
>
>
> Em 10/11/2010 14:48, Andrew Wnuk escreveu:
>> EdgardCosta,
>>
>> Could provide more details on versions, platforms, and how to
>> reproduce your case?
>>
>> Thank you,
>> Andrew
>>
>> On 11/10/10 02:53, edgard wrote:
>>> Error message when systems try to automatically upload CRL. Error
>>> ffffe009.
>>>
>>> I think that is something with Firefox. In google there are people
>>> claiming to have the same error with CRLs created it from openssl.
>>> Is this real? How to fix this problem?
>>>
>>> EdgardCosta
>>>
>>> _______________________________________________
>>> Pki-devel mailing list
>>> Pki-devel(a)redhat.com
>>> https://www.redhat.com/mailman/listinfo/pki-devel
>>
>>
> A
14 years, 1 month
Error ffffe009
by edgard
Error message when systems try to automatically upload CRL. Error ffffe009.
I think that is something with Firefox. In google there are people
claiming to have the same error with CRLs created it from openssl.
Is this real? How to fix this problem?
EdgardCosta
14 years, 1 month
