Hi, all,
   I am trying to install Dogtag Certificate System, but at the "PKI Subsystem Configuration", we have the problem at step: "Creat e a New Securit y Domain", whatever we enter, it display error "$errorString", and if we choose the "*Join an Existing Security Domain *", it display error "org.xml.sax.SAXParseException: The   string "--" is not permitted within comments.   
Maybe some components or configure is error, but I setup and configure pki subsystem(include Requirements and runtime tool) by the site:http://pki.fedoraproject.org/wiki/PKI_Install_Guide ,
 
the infomation of my configure and environment:
 
hostname: wotestca.com
step 1:
============================================================
Starting pki-ca:                                           [OK]
pki-ca (pid 2817) is running ...
    'pki-ca' must still be CONFIGURED!
    (see /var/log/pki-ca-install.log)
Before proceeding with the configuration, make sure
the firewall settings of this machine permit proper
access to this subsystem.
Please start the configuration by accessing:
https://wotestca.com:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz
After configuration, the server can be operated by the command:
    /sbin/service pki-cad restart pki-ca
------------------------------------------------------------------------------------------------------------------------
 
step 2:
open : "https://wotestca.com:9445/ca/admin/console/config/login?pin=HPQkcbu71yCYkSpJg6Qz"
to CA Setup Wizard
 
step 3:
     choose "Create a New Security Domain",  enter " testwosecdomain"  and click "NEXT>" button,
return errror"Invalid characters found in Security Domain Name testwosecdomain. Valid characters are A-Z, a-z, 0-9, dash and space"
 
    choose "Join an Existing Security Domain " ,
if enter "https://wotestca.com:9445"   
return error "org.xml.sax.SAXParseException: The string "--" is not permitted within comments
 
if enter" https://wotestca.com:9443" or " https://wotestca.com:9446"
return error "Illegal SSL Admin HTTPS url value for the security domain "
 
 
check the directory server:
#service dirsrv status
#dirsrv  testca (pid 3342) is running......
 
So, we can't go on, please tell me what's the problem, and how to   do? thanks a lot.

--
Best Regards,
jeff