 
                                        
                                
                         
                        
                                
                                
                                        
                                                
                                        
                                        
                                        "PKI Subsystem Configuration" help (RD@WoSign)
                                
                                
                                
                                    
                                        by wosign .cn
                                    
                                
                                
                                        Hi, all,
   I am trying to install Dogtag Certificate System, but at the
"PKI Subsystem Configuration", we have the problem at step: "Creat e a New
Securit y Domain", whatever we enter, it display error "$errorString", and
if we choose the "*Join an Existing Security Domain *", it display error
"org.xml.sax.SAXParseException: The   string "--" is not permitted within
comments.
Maybe some components or configure is error, but I setup and configure pki
subsystem(include Requirements and runtime tool) by the site:
http://pki.fedoraproject.org/wiki/PKI_Install_Guide ,
the infomation of my configure and environment:
hostname: wotestca.com
step 1:
============================================================
Starting pki-ca:                                           [OK]
pki-ca (pid 2817) is running ...
    'pki-ca' must still be CONFIGURED!
    (see /var/log/pki-ca-install.log)
Before proceeding with the configuration, make sure
the firewall settings of this machine permit proper
access to this subsystem.
Please start the configuration by accessing:
https://wotestca.com
:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz<https://wosignfedora:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYk...>
After configuration, the server can be operated by the command:
    /sbin/service pki-cad restart pki-ca
------------------------------------------------------------------------------------------------------------------------
step 2:
open : "https://wotestca.com
:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz<https://wofedora:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz>
"
to CA Setup Wizard
step 3:
     choose* "Create a New Security Domain", * enter " testwosecdomain"  and
click "NEXT>" button,
return errror"Invalid characters found in Security Domain Name
testwosecdomain. Valid characters are A-Z, a-z, 0-9, dash and space"
    choose "*Join an Existing Security Domain *" ,
if enter "https://wotestca.com:9445 <https://wofedora:9445/>"
return error "org.xml.sax.SAXParseException: The string "--" is not
permitted within comments"
if enter" https://wotestca.com:9443" or " https://wotestca.com:9446"
return error "Illegal SSL Admin HTTPS url value for the security domain "
check the directory server:
#service dirsrv status
#dirsrv  testca (pid 3342) is running......
So, we can't go on, please tell me what's the problem, and how to   do?
thanks a lot.
-- 
Best Regards,
jeff
                                
                         
                        
                                
                                14 years, 2 months
                        
                        
                 
         
 
        
            
        
        
        
                
                        
                                
                                 
                                        
                                
                         
                        
                                
                                
                                        
                                                
                                        
                                        
                                        pki-dogtag operation(ca , subca)
                                
                                
                                
                                    
                                        by RD@WoSign
                                    
                                
                                
                                        hi,all,
      I have installed Dogtag Certificate System by
pki_install_guide,include ca, subca, kra, ocsp,tks,ra and tps,  configure is
finished.
i have problem in using the Dogtag Certificate Sytem, there many main
requestes follow.
     note: my test domain is wotest.com   , operate platform is fedora 13
    * 1.* after pkicreate and configure,Enrollment Certificate  by URL *
https://wotest.com:9444/ca/ee/ca/ * and Issue Certifite  are OK,
but i access subca  Agent Service, can't fetch the subca's Certificate
Enrollment  submited by SSL END USER SERVICES(*
https://wotest.com:9544/ca/ee/ca*/).
Subca's Agent Service Click *List
Requests<https://woto.localdomain:9443/ca/agent/ca/frameListReq.html>
*  display :
*Problem Processing Your Request *  *
*
*The Certificate Manager encountered an unexpected error while processing
your request. The following is a detailed message of the error that
occurred.
*
*Invalid Credential.
*
*Please consult your local administrator for further assistance. The
Certificate System logs may provide further information. *
* 2.*  if I restart fc13 and execute the "service pki-cad start " ,display:
   * pki-ca (pid 3386) is running ...
    Unsecure Port       = http://wotest.com:9180/ca/ee/ca
    Secure Agent Port   = https://wotest.com:9443/ca/agent/ca
    Secure EE Port      = https://wotest.com:9444/ca/ee/ca
    Secure Admin Port   = https://wotest.com:9445/ca/services
    EE Client Auth Port = https://wotest.com:9446/ca/eeca/ca
    PKI Console Port    = pkiconsole https://wotest.com:9445/ca* *
    Tomcat Port         = 9701 (for shutdown)
    PKI Instance Name:   pki-ca
    PKI Subsystem Type:  Root CA (Security Domain)
    Registered PKI Security Domain Information:
==========================================================================
    Name:  wotest
    URL:   https://wotest.com:9445
==========================================================================
[root@woto jeff]# service pki-cad start pki-subca
Starting pki-subca:
                                                           [确定]
pki-subca (pid 4341) is running ...
    Unsecure Port       = http://wotest.com:9580/ca/ee/ca
    Secure Agent Port   = https://wotest.com:9543/ca/agent/ca
    Secure EE Port      = https:/wotest.com:9544/ca/ee/ca
    Secure Admin Port   = https://wotest.com:9545/ca/services
    EE Client Auth Port = https://wotest.com:9546/ca/eeca/ca
    PKI Console Port    = pkiconsole https://wotest.com:9545/ca
    Tomcat Port         = 9801 (for shutdown)
    PKI Instance Name:   pki-subca
    PKI Subsystem Type:  Subordinate CA
    Registered PKI Security Domain Information:
==========================================================================
    Name:  wotest
    URL:   https://wotest.com:9445
==========================================================================*
   if i access Agent Services in CA or SUBCA, Click *List
Requests<https://woto.localdomain:9443/ca/agent/ca/frameListReq.html>
*  display :
*Problem Processing Your Request *  *
*
*The Certificate Manager encountered an unexpected error while processing
your request. The following is a detailed message of the error that
occurred.
*
*Invalid Credential.
*
*Please consult your local administrator for further assistance. The
Certificate System logs may provide further information.
*
So, we can't go on, please tell me what's the problem, and how to   do?
    thanks a lot.
    --
    Best Regards,
    jeff
                                
                         
                        
                                
                                14 years, 9 months