From ayoung at redhat.com Tue Nov 29 22:43:32 2011
Content-Type: multipart/mixed; boundary="===============8287996412830897973=="
MIME-Version: 1.0
From: Adam Young <ayoung at redhat.com>
To: devel at lists.dogtagpki.org
Subject: [Pki-devel] PKI-Silent  can't tell if this is success or failure
Date: Tue, 29 Nov 2011 22:43:28 -0500
Message-ID: <4ED5A660.2040207@redhat.com>

--===============8287996412830897973==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

I've been crafting a PKI Silent call from the command line,  and reading =

the various responses to see what I got wrong.  Below is the end of the =

output from my last call.  Is this "Success"?


#############################################
Attempting to connect to: ayoung.boston.devel.redhat.com:8443
Connected.
Posting Query =3D =

https://ayoung.boston.devel.redhat.com:8443//ca/admin/console/config/wizard=
?p=3D13&op=3Dnext&xml=3Dtrue&choice=3Dbackupkey&__pwd=3Dfreeipa4all&__pwdag=
ain=3Dfreeipa4all
RESPONSE STATUS:  HTTP/1.1 200 OK
RESPONSE HEADER:  Server: Apache-Coyote/1.1
RESPONSE HEADER:  Content-Type: application/xml;charset=3DUTF-8
RESPONSE HEADER:  Date: Wed, 30 Nov 2011 03:41:18 GMT
RESPONSE HEADER:  Connection: close
<?xml version=3D"1.0" encoding=3D"UTF-8"?>
<!-- BEGIN COPYRIGHT BLOCK
      This program is free software; you can redistribute it and/or modify
      it under the terms of the GNU General Public License as published by
      the Free Software Foundation; version 2 of the License.

      This program is distributed in the hope that it will be useful,
      but WITHOUT ANY WARRANTY; without even the implied warranty of
      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      GNU General Public License for more details.

      You should have received a copy of the GNU General Public License =

along
      with this program; if not, write to the Free Software Foundation, =

Inc.,
      51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

      Copyright (C) 2007 Red Hat, Inc.
      All rights reserved.
      END COPYRIGHT BLOCK -->
<response>
<panel>admin/console/config/savepkcs12panel.vm</panel>
<res/>
<subsystemtype>ca</subsystemtype>
<showApplyButton/>
<updateStatus>success</updateStatus>
<errorString/>
<size>19</size>
<title>Save Keys and Certificates</title>
<panels>
<Vector>
<Panel>
<Id>welcome</Id>
<Name>Welcome</Name>
</Panel>
<Panel>
<Id>module</Id>
<Name>Key Store</Name>
</Panel>
<Panel>
<Id>confighsmlogin</Id>
<Name>ConfigHSMLogin</Name>
</Panel>
<Panel>
<Id>securitydomain</Id>
<Name>Security Domain</Name>
</Panel>
<Panel>
<Id>securitydomain</Id>
<Name>Display Certificate Chain</Name>
</Panel>
<Panel>
<Id>subsystem</Id>
<Name>Subsystem Type</Name>
</Panel>
<Panel>
<Id>clone</Id>
<Name>Display Certificate Chain</Name>
</Panel>
<Panel>
<Id>restorekeys</Id>
<Name>Import Keys and Certificates</Name>
</Panel>
<Panel>
<Id>cahierarchy</Id>
<Name>PKI Hierarchy</Name>
</Panel>
<Panel>
<Id>database</Id>
<Name>Internal Database</Name>
</Panel>
<Panel>
<Id>size</Id>
<Name>Key Pairs</Name>
</Panel>
<Panel>
<Id>subjectname</Id>
<Name>Subject Names</Name>
</Panel>
<Panel>
<Id>certrequest</Id>
<Name>Requests and Certificates</Name>
</Panel>
<Panel>
<Id>backupkeys</Id>
<Name>Export Keys and Certificates</Name>
</Panel>
<Panel>
<Id>savepk12</Id>
<Name>Save Keys and Certificates</Name>
</Panel>
<Panel>
<Id>importcachain</Id>
<Name>Import CA's Certificate Chain</Name>
</Panel>
<Panel>
<Id>admin</Id>
<Name>Administrator</Name>
</Panel>
<Panel>
<Id>importadmincert</Id>
<Name>Import Administrator's Certificate</Name>
</Panel>
<Panel>
<Id>done</Id>
<Name>Done</Name>
</Panel>
</Vector>
</panels>
<name>CA Setup Wizard</name>
<p>14</p>
<req/>
<panelname>savepk12</panelname>
</response>
#############################################
Attempting to connect to: ayoung.boston.devel.redhat.com:8443
Connected.
Posting Query =3D =

https://ayoung.boston.devel.redhat.com:8443//ca/admin/console/config/savepk=
cs12?
RESPONSE STATUS:  HTTP/1.1 200 OK
RESPONSE HEADER:  Server: Apache-Coyote/1.1
RESPONSE HEADER:  Content-Type: application/x-pkcs12
RESPONSE HEADER:  Date: Wed, 30 Nov 2011 03:41:19 GMT
RESPONSE HEADER:  Connection: close
ERROR: ConfigureCA: BackupPanel() failure
ERROR: unable to create CA

#######################################################################


--===============8287996412830897973==--

From alee at redhat.com Wed Nov 30 09:30:00 2011
Content-Type: multipart/mixed; boundary="===============1555909016378170618=="
MIME-Version: 1.0
From: Ade Lee <alee at redhat.com>
To: devel at lists.dogtagpki.org
Subject: Re: [Pki-devel] PKI-Silent can't tell if this is success or failure
Date: Wed, 30 Nov 2011 09:29:53 -0500
Message-ID: <1322663394.19378.30.camel@aleeredhat.laptop>
In-Reply-To: 4ED5A660.2040207@redhat.com

--===============1555909016378170618==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

This is failure.

Looks like you got a success response from the backup panel, but then
failed some processing of the response.  Maybe you do not have the
required directory in which to backup the keys?

Ade

On Tue, 2011-11-29 at 22:43 -0500, Adam Young wrote:
> I've been crafting a PKI Silent call from the command line,  and reading =

> the various responses to see what I got wrong.  Below is the end of the =

> output from my last call.  Is this "Success"?
> =

> =

> #############################################
> Attempting to connect to: ayoung.boston.devel.redhat.com:8443
> Connected.
> Posting Query =3D =

> https://ayoung.boston.devel.redhat.com:8443//ca/admin/console/config/wiza=
rd?p=3D13&op=3Dnext&xml=3Dtrue&choice=3Dbackupkey&__pwd=3Dfreeipa4all&__pwd=
again=3Dfreeipa4all
> RESPONSE STATUS:  HTTP/1.1 200 OK
> RESPONSE HEADER:  Server: Apache-Coyote/1.1
> RESPONSE HEADER:  Content-Type: application/xml;charset=3DUTF-8
> RESPONSE HEADER:  Date: Wed, 30 Nov 2011 03:41:18 GMT
> RESPONSE HEADER:  Connection: close
> <?xml version=3D"1.0" encoding=3D"UTF-8"?>
> <!-- BEGIN COPYRIGHT BLOCK
>       This program is free software; you can redistribute it and/or modify
>       it under the terms of the GNU General Public License as published by
>       the Free Software Foundation; version 2 of the License.
> =

>       This program is distributed in the hope that it will be useful,
>       but WITHOUT ANY WARRANTY; without even the implied warranty of
>       MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>       GNU General Public License for more details.
> =

>       You should have received a copy of the GNU General Public License =

> along
>       with this program; if not, write to the Free Software Foundation, =

> Inc.,
>       51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> =

>       Copyright (C) 2007 Red Hat, Inc.
>       All rights reserved.
>       END COPYRIGHT BLOCK -->
> <response>
> <panel>admin/console/config/savepkcs12panel.vm</panel>
> <res/>
> <subsystemtype>ca</subsystemtype>
> <showApplyButton/>
> <updateStatus>success</updateStatus>
> <errorString/>
> <size>19</size>
> <title>Save Keys and Certificates</title>
> <panels>
> <Vector>
> <Panel>
> <Id>welcome</Id>
> <Name>Welcome</Name>
> </Panel>
> <Panel>
> <Id>module</Id>
> <Name>Key Store</Name>
> </Panel>
> <Panel>
> <Id>confighsmlogin</Id>
> <Name>ConfigHSMLogin</Name>
> </Panel>
> <Panel>
> <Id>securitydomain</Id>
> <Name>Security Domain</Name>
> </Panel>
> <Panel>
> <Id>securitydomain</Id>
> <Name>Display Certificate Chain</Name>
> </Panel>
> <Panel>
> <Id>subsystem</Id>
> <Name>Subsystem Type</Name>
> </Panel>
> <Panel>
> <Id>clone</Id>
> <Name>Display Certificate Chain</Name>
> </Panel>
> <Panel>
> <Id>restorekeys</Id>
> <Name>Import Keys and Certificates</Name>
> </Panel>
> <Panel>
> <Id>cahierarchy</Id>
> <Name>PKI Hierarchy</Name>
> </Panel>
> <Panel>
> <Id>database</Id>
> <Name>Internal Database</Name>
> </Panel>
> <Panel>
> <Id>size</Id>
> <Name>Key Pairs</Name>
> </Panel>
> <Panel>
> <Id>subjectname</Id>
> <Name>Subject Names</Name>
> </Panel>
> <Panel>
> <Id>certrequest</Id>
> <Name>Requests and Certificates</Name>
> </Panel>
> <Panel>
> <Id>backupkeys</Id>
> <Name>Export Keys and Certificates</Name>
> </Panel>
> <Panel>
> <Id>savepk12</Id>
> <Name>Save Keys and Certificates</Name>
> </Panel>
> <Panel>
> <Id>importcachain</Id>
> <Name>Import CA's Certificate Chain</Name>
> </Panel>
> <Panel>
> <Id>admin</Id>
> <Name>Administrator</Name>
> </Panel>
> <Panel>
> <Id>importadmincert</Id>
> <Name>Import Administrator's Certificate</Name>
> </Panel>
> <Panel>
> <Id>done</Id>
> <Name>Done</Name>
> </Panel>
> </Vector>
> </panels>
> <name>CA Setup Wizard</name>
> <p>14</p>
> <req/>
> <panelname>savepk12</panelname>
> </response>
> #############################################
> Attempting to connect to: ayoung.boston.devel.redhat.com:8443
> Connected.
> Posting Query =3D =

> https://ayoung.boston.devel.redhat.com:8443//ca/admin/console/config/save=
pkcs12?
> RESPONSE STATUS:  HTTP/1.1 200 OK
> RESPONSE HEADER:  Server: Apache-Coyote/1.1
> RESPONSE HEADER:  Content-Type: application/x-pkcs12
> RESPONSE HEADER:  Date: Wed, 30 Nov 2011 03:41:19 GMT
> RESPONSE HEADER:  Connection: close
> ERROR: ConfigureCA: BackupPanel() failure
> ERROR: unable to create CA
> =

> #######################################################################
> =

> _______________________________________________
> Pki-devel mailing list
> Pki-devel(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel



--===============1555909016378170618==--

From kchamart at redhat.com Wed Nov 30 09:48:06 2011
Content-Type: multipart/mixed; boundary="===============3304355958239236510=="
MIME-Version: 1.0
From: Kashyap Chamarthy <kchamart at redhat.com>
To: devel at lists.dogtagpki.org
Subject: Re: [Pki-devel] PKI-Silent can't tell if this is success or failure
Date: Wed, 30 Nov 2011 20:17:08 +0530
Message-ID: <4ED641EC.6060305@redhat.com>
In-Reply-To: 4ED5A660.2040207@redhat.com

--===============3304355958239236510==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

On 11/30/2011 09:13 AM, Adam Young wrote:
> I've been crafting a PKI Silent call from the command line,  and reading =
the various
> responses to see what I got wrong.  Below is the end of the output from m=
y last call.  Is
> this "Success"?

Adam, here is a successful invocation of pkisilent on Fedora-16 and it's st=
dout --
http://kashyapc.fedorapeople.org/dogtag-pki/pki-silent-succesful-stdout.txt


> =

> =

> #############################################
> Attempting to connect to: ayoung.boston.devel.redhat.com:8443
> Connected.
> Posting Query =3D
> https://ayoung.boston.devel.redhat.com:8443//ca/admin/console/config/wiza=
rd?p=3D13&op=3Dnext&xml=3Dtrue&choice=3Dbackupkey&__pwd=3Dfreeipa4all&__pwd=
again=3Dfreeipa4all
> =

> RESPONSE STATUS:  HTTP/1.1 200 OK
> RESPONSE HEADER:  Server: Apache-Coyote/1.1
> RESPONSE HEADER:  Content-Type: application/xml;charset=3DUTF-8
> RESPONSE HEADER:  Date: Wed, 30 Nov 2011 03:41:18 GMT
> RESPONSE HEADER:  Connection: close
> <?xml version=3D"1.0" encoding=3D"UTF-8"?>
> <!-- BEGIN COPYRIGHT BLOCK
>      This program is free software; you can redistribute it and/or modify
>      it under the terms of the GNU General Public License as published by
>      the Free Software Foundation; version 2 of the License.
> =

>      This program is distributed in the hope that it will be useful,
>      but WITHOUT ANY WARRANTY; without even the implied warranty of
>      MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>      GNU General Public License for more details.
> =

>      You should have received a copy of the GNU General Public License al=
ong
>      with this program; if not, write to the Free Software Foundation, In=
c.,
>      51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> =

>      Copyright (C) 2007 Red Hat, Inc.
>      All rights reserved.
>      END COPYRIGHT BLOCK -->
> <response>
> <panel>admin/console/config/savepkcs12panel.vm</panel>
> <res/>
> <subsystemtype>ca</subsystemtype>
> <showApplyButton/>
> <updateStatus>success</updateStatus>
> <errorString/>
> <size>19</size>
> <title>Save Keys and Certificates</title>
> <panels>
> <Vector>
> <Panel>
> <Id>welcome</Id>
> <Name>Welcome</Name>
> </Panel>
> <Panel>
> <Id>module</Id>
> <Name>Key Store</Name>
> </Panel>
> <Panel>
> <Id>confighsmlogin</Id>
> <Name>ConfigHSMLogin</Name>
> </Panel>
> <Panel>
> <Id>securitydomain</Id>
> <Name>Security Domain</Name>
> </Panel>
> <Panel>
> <Id>securitydomain</Id>
> <Name>Display Certificate Chain</Name>
> </Panel>
> <Panel>
> <Id>subsystem</Id>
> <Name>Subsystem Type</Name>
> </Panel>
> <Panel>
> <Id>clone</Id>
> <Name>Display Certificate Chain</Name>
> </Panel>
> <Panel>
> <Id>restorekeys</Id>
> <Name>Import Keys and Certificates</Name>
> </Panel>
> <Panel>
> <Id>cahierarchy</Id>
> <Name>PKI Hierarchy</Name>
> </Panel>
> <Panel>
> <Id>database</Id>
> <Name>Internal Database</Name>
> </Panel>
> <Panel>
> <Id>size</Id>
> <Name>Key Pairs</Name>
> </Panel>
> <Panel>
> <Id>subjectname</Id>
> <Name>Subject Names</Name>
> </Panel>
> <Panel>
> <Id>certrequest</Id>
> <Name>Requests and Certificates</Name>
> </Panel>
> <Panel>
> <Id>backupkeys</Id>
> <Name>Export Keys and Certificates</Name>
> </Panel>
> <Panel>
> <Id>savepk12</Id>
> <Name>Save Keys and Certificates</Name>
> </Panel>
> <Panel>
> <Id>importcachain</Id>
> <Name>Import CA's Certificate Chain</Name>
> </Panel>
> <Panel>
> <Id>admin</Id>
> <Name>Administrator</Name>
> </Panel>
> <Panel>
> <Id>importadmincert</Id>
> <Name>Import Administrator's Certificate</Name>
> </Panel>
> <Panel>
> <Id>done</Id>
> <Name>Done</Name>
> </Panel>
> </Vector>
> </panels>
> <name>CA Setup Wizard</name>
> <p>14</p>
> <req/>
> <panelname>savepk12</panelname>
> </response>
> #############################################
> Attempting to connect to: ayoung.boston.devel.redhat.com:8443
> Connected.
> Posting Query =3D
> https://ayoung.boston.devel.redhat.com:8443//ca/admin/console/config/save=
pkcs12?
> RESPONSE STATUS:  HTTP/1.1 200 OK
> RESPONSE HEADER:  Server: Apache-Coyote/1.1
> RESPONSE HEADER:  Content-Type: application/x-pkcs12
> RESPONSE HEADER:  Date: Wed, 30 Nov 2011 03:41:19 GMT
> RESPONSE HEADER:  Connection: close
> ERROR: ConfigureCA: BackupPanel() failure
> ERROR: unable to create CA
> =

> #######################################################################
> =

> _______________________________________________
> Pki-devel mailing list
> Pki-devel(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-devel
> =



-- =

/kashyap


--===============3304355958239236510==--

From ayoung at redhat.com Wed Nov 30 11:25:15 2011
Content-Type: multipart/mixed; boundary="===============1950493779886077460=="
MIME-Version: 1.0
From: Adam Young <ayoung at redhat.com>
To: devel at lists.dogtagpki.org
Subject: Re: [Pki-devel] PKI-Silent can't tell if this is success or failure
Date: Wed, 30 Nov 2011 11:25:11 -0500
Message-ID: <4ED658E7.8020404@redhat.com>
In-Reply-To: 1322663394.19378.30.camel@aleeredhat.laptop

--===============1950493779886077460==
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable

OK,  that was it.  When I switched to :

  -save_p12 false \

it worked.

On 11/30/2011 09:29 AM, Ade Lee wrote:
> This is failure.
>
> Looks like you got a success response from the backup panel, but then
> failed some processing of the response.  Maybe you do not have the
> required directory in which to backup the keys?
>
> Ade
>
> On Tue, 2011-11-29 at 22:43 -0500, Adam Young wrote:
>> I've been crafting a PKI Silent call from the command line,  and reading
>> the various responses to see what I got wrong.  Below is the end of the
>> output from my last call.  Is this "Success"?
>>
>>
>> #############################################
>> Attempting to connect to: ayoung.boston.devel.redhat.com:8443
>> Connected.
>> Posting Query =3D
>> https://ayoung.boston.devel.redhat.com:8443//ca/admin/console/config/wiz=
ard?p=3D13&op=3Dnext&xml=3Dtrue&choice=3Dbackupkey&__pwd=3Dfreeipa4all&__pw=
dagain=3Dfreeipa4all
>> RESPONSE STATUS:  HTTP/1.1 200 OK
>> RESPONSE HEADER:  Server: Apache-Coyote/1.1
>> RESPONSE HEADER:  Content-Type: application/xml;charset=3DUTF-8
>> RESPONSE HEADER:  Date: Wed, 30 Nov 2011 03:41:18 GMT
>> RESPONSE HEADER:  Connection: close
>> <?xml version=3D"1.0" encoding=3D"UTF-8"?>
>> <!-- BEGIN COPYRIGHT BLOCK
>>        This program is free software; you can redistribute it and/or mod=
ify
>>        it under the terms of the GNU General Public License as published=
 by
>>        the Free Software Foundation; version 2 of the License.
>>
>>        This program is distributed in the hope that it will be useful,
>>        but WITHOUT ANY WARRANTY; without even the implied warranty of
>>        MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
>>        GNU General Public License for more details.
>>
>>        You should have received a copy of the GNU General Public License
>> along
>>        with this program; if not, write to the Free Software Foundation,
>> Inc.,
>>        51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
>>
>>        Copyright (C) 2007 Red Hat, Inc.
>>        All rights reserved.
>>        END COPYRIGHT BLOCK -->
>> <response>
>> <panel>admin/console/config/savepkcs12panel.vm</panel>
>> <res/>
>> <subsystemtype>ca</subsystemtype>
>> <showApplyButton/>
>> <updateStatus>success</updateStatus>
>> <errorString/>
>> <size>19</size>
>> <title>Save Keys and Certificates</title>
>> <panels>
>> <Vector>
>> <Panel>
>> <Id>welcome</Id>
>> <Name>Welcome</Name>
>> </Panel>
>> <Panel>
>> <Id>module</Id>
>> <Name>Key Store</Name>
>> </Panel>
>> <Panel>
>> <Id>confighsmlogin</Id>
>> <Name>ConfigHSMLogin</Name>
>> </Panel>
>> <Panel>
>> <Id>securitydomain</Id>
>> <Name>Security Domain</Name>
>> </Panel>
>> <Panel>
>> <Id>securitydomain</Id>
>> <Name>Display Certificate Chain</Name>
>> </Panel>
>> <Panel>
>> <Id>subsystem</Id>
>> <Name>Subsystem Type</Name>
>> </Panel>
>> <Panel>
>> <Id>clone</Id>
>> <Name>Display Certificate Chain</Name>
>> </Panel>
>> <Panel>
>> <Id>restorekeys</Id>
>> <Name>Import Keys and Certificates</Name>
>> </Panel>
>> <Panel>
>> <Id>cahierarchy</Id>
>> <Name>PKI Hierarchy</Name>
>> </Panel>
>> <Panel>
>> <Id>database</Id>
>> <Name>Internal Database</Name>
>> </Panel>
>> <Panel>
>> <Id>size</Id>
>> <Name>Key Pairs</Name>
>> </Panel>
>> <Panel>
>> <Id>subjectname</Id>
>> <Name>Subject Names</Name>
>> </Panel>
>> <Panel>
>> <Id>certrequest</Id>
>> <Name>Requests and Certificates</Name>
>> </Panel>
>> <Panel>
>> <Id>backupkeys</Id>
>> <Name>Export Keys and Certificates</Name>
>> </Panel>
>> <Panel>
>> <Id>savepk12</Id>
>> <Name>Save Keys and Certificates</Name>
>> </Panel>
>> <Panel>
>> <Id>importcachain</Id>
>> <Name>Import CA's Certificate Chain</Name>
>> </Panel>
>> <Panel>
>> <Id>admin</Id>
>> <Name>Administrator</Name>
>> </Panel>
>> <Panel>
>> <Id>importadmincert</Id>
>> <Name>Import Administrator's Certificate</Name>
>> </Panel>
>> <Panel>
>> <Id>done</Id>
>> <Name>Done</Name>
>> </Panel>
>> </Vector>
>> </panels>
>> <name>CA Setup Wizard</name>
>> <p>14</p>
>> <req/>
>> <panelname>savepk12</panelname>
>> </response>
>> #############################################
>> Attempting to connect to: ayoung.boston.devel.redhat.com:8443
>> Connected.
>> Posting Query =3D
>> https://ayoung.boston.devel.redhat.com:8443//ca/admin/console/config/sav=
epkcs12?
>> RESPONSE STATUS:  HTTP/1.1 200 OK
>> RESPONSE HEADER:  Server: Apache-Coyote/1.1
>> RESPONSE HEADER:  Content-Type: application/x-pkcs12
>> RESPONSE HEADER:  Date: Wed, 30 Nov 2011 03:41:19 GMT
>> RESPONSE HEADER:  Connection: close
>> ERROR: ConfigureCA: BackupPanel() failure
>> ERROR: unable to create CA
>>
>> #######################################################################
>>
>> _______________________________________________
>> Pki-devel mailing list
>> Pki-devel(a)redhat.com
>> https://www.redhat.com/mailman/listinfo/pki-devel
>


--===============1950493779886077460==--