[PATCH] 0037 Store issuser DN in certificate records
by Fraser Tweedale
This patch causes Issuer DN to be stored in certificate records
using existing (unused) 'issuerName' attribute schema.
This will allow me to change sub-CAs implementation to a shared
certificate repo which means I don't have to worry about range
management anymore :) But I think it is a sensible change in its
own right.
UI / CLI filters for issuer can come later - there's a TODO for that
on my tracking etherpad[1] and I will file a ticket later.
[1] http://idm.etherpad.corp.redhat.com/rhel72-cert-mgmt-progress
Cheers,
Fraser
9 years, 6 months
error after upgrade from 10.2.3-2 -> 10.2.4-2
by Fraser Tweedale
Hi all,
After upgrading from 10.2.3-2 -> 10.2.4-2, pki-tomcatd cannot start.
Subsequent runs of pki-server-upgrade do not help. It appears to be
related to nuxwdog and possibly commit 7dca020 `Patches to get
nuxwdog working with systemd' which removed the
NuxwdogPasswordStoreInitializer class.
/var/log/pki/pki-server-upgrade-10.2.4.log indicates an error but I am not sure
if this is related:
[root@f22-1]/var/log/pki# cat pki-server-upgrade-10.2.4.log
Upgrading server at Sat Jun 13 03:52:37 EDT 2015.
Upgrading from version 10.2.3 to 10.2.4:
1. Fix instance work folder ownership
ERROR: an integer is required
Failed upgrading pki-tomcat instance.
Upgrade failed in pki-tomcat: an integer is required
catalina.2015-06-13.log output follows below.
I'll look into this more on Monday and hopefully get to a fix but if
anyone has a fix looming or has a hunch that I'm doing something
wrong please let me know! We'll definitely want to get this into
10.2.5.
Cheers,
Fraser
Jun 13, 2015 4:00:48 AM org.apache.tomcat.util.digester.Digester startElement
SEVERE: Begin event threw exception
java.lang.ClassNotFoundException: com.netscape.cms.tomcat.NuxwdogPasswordStoreInitializer
at java.net.URLClassLoader.findClass(URLClassLoader.java:381)
at java.lang.ClassLoader.loadClass(ClassLoader.java:424)
at java.lang.ClassLoader.loadClass(ClassLoader.java:357)
at org.apache.tomcat.util.digester.ObjectCreateRule.begin(ObjectCreateRule.java:144)
at org.apache.tomcat.util.digester.Digester.startElement(Digester.java:1288)
at org.apache.xerces.parsers.AbstractSAXParser.startElement(Unknown Source)
at org.apache.xerces.parsers.AbstractXMLDocumentParser.emptyElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanStartElement(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl$FragmentContentDispatcher.dispatch(Unknown Source)
at org.apache.xerces.impl.XMLDocumentFragmentScannerImpl.scanDocument(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XML11Configuration.parse(Unknown Source)
at org.apache.xerces.parsers.XMLParser.parse(Unknown Source)
at org.apache.xerces.parsers.AbstractSAXParser.parse(Unknown Source)
at org.apache.xerces.jaxp.SAXParserImpl$JAXPSAXParser.parse(Unknown Source)
at org.apache.tomcat.util.digester.Digester.parse(Digester.java:1561)
at org.apache.catalina.startup.Catalina.load(Catalina.java:615)
at org.apache.catalina.startup.Catalina.start(Catalina.java:677)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:321)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:455)
Jun 13, 2015 4:00:48 AM org.apache.catalina.startup.Catalina load
WARNING: Catalina.start using conf/server.xml: Error at (97, 82) : com.netscape.cms.tomcat.NuxwdogPasswordStoreInitializer
Jun 13, 2015 4:00:48 AM org.apache.catalina.startup.Catalina start
SEVERE: Cannot start server. Server instance is not configured.
Jun 13, 2015 4:00:48 AM org.apache.catalina.startup.Catalina stopServer
SEVERE: Could not contact localhost:8005. Tomcat may not be running.
Jun 13, 2015 4:00:48 AM org.apache.catalina.startup.Catalina stopServer
SEVERE: Catalina.stop:
java.net.ConnectException: Connection refused
at java.net.PlainSocketImpl.socketConnect(Native Method)
at java.net.AbstractPlainSocketImpl.doConnect(AbstractPlainSocketImpl.java:345)
at java.net.AbstractPlainSocketImpl.connectToAddress(AbstractPlainSocketImpl.java:206)
at java.net.AbstractPlainSocketImpl.connect(AbstractPlainSocketImpl.java:188)
at java.net.SocksSocketImpl.connect(SocksSocketImpl.java:392)
at java.net.Socket.connect(Socket.java:589)
at java.net.Socket.connect(Socket.java:538)
at java.net.Socket.<init>(Socket.java:434)
at java.net.Socket.<init>(Socket.java:211)
at org.apache.catalina.startup.Catalina.stopServer(Catalina.java:498)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
at java.lang.reflect.Method.invoke(Method.java:497)
at org.apache.catalina.startup.Bootstrap.stopServer(Bootstrap.java:370)
at org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:457)
9 years, 6 months
[PATCH] 608 Cleaned up links in main page.
by Endi Sukma Dewata
The ROOT's index.jsp has been modified to show the links to all
subsystems installed on the instance. When opened, it will show
the services provided by the subsystem.
The pkispawn output has been modified to show the subsystem URL
more consistently:
https://<hostname>:<port>/<subsystem>
In all subsystems except TPS the page will redirect to:
https://<hostname>:<port>/<subsystem>/services
--
Endi S. Dewata
9 years, 6 months
Documenting Issues with pkispawn, pkidestroy, pkiconsole
by Ade Lee
Hi all,
I'm editing the troubleshooting chapter in the Installation Guide which
currently consists of a series of FAQ of issues that people might/ have
run into when running pkispawn/ pkiconsole.
I'd like to get input from folks so that we can hopefully help other
folks who might run into the same issues. Some of these will show up in
the doc and others will be collated on the wiki.
I've started an etherpad for folks to add their FAQs. Please add to it
so we can improve the docs!
Thanks,
Ade
Etherpad Link: http://piratepad.net/sQurNFFmiT (aargh!)
9 years, 6 months