Re: Re: Re: "SecurityDomain HTTPSAdmin URL not found "
by 骷髅猫
Hi Alee
I used Firefox's keymanager plugin to do a simple test. I just connected to the RA server and clicked next and next, then encountered this error.
But I didn't go through any source about pkiclient.cgi, so I'm not sure where the file pkiclient.xml is introduced.
Another question:
If the client request can choose some file which is used by the server CGI internally, is there any security risk?
Best Regards
sbaa
------------------ Original Message ------------------
From: "alee"<alee(a)redhat.com>;
Sent: Tuesday, April 30, 2013, 1:06 PM
To: "骷髅猫"<sbaa(a)vip.qq.com>;
Cc: "Pki-users"<Pki-users(a)redhat.com>;
Subject: Re: Re: Re: [Pki-users] "SecurityDomain HTTPSAdmin URL not found "
I don't see anything in the code about pkiclient.xml.
Can you detail exactly what you did to test SCEP?
Thanks,
Ade
On Sun, 2013-04-28 at 15:13 +0800, 骷髅猫 wrote:
> Hi Alee
>
>
> Thank you, I finished the configuration for the RA server by disabling
> SELinux.
> But when I tested the SCEP feature, I got this error:
> In error log:
> [Sun Apr 28 03:05:56.891164 2013] [:error] [pid 1822:tid
> 140696560207616] [Sun Apr 28 03:05:56 2013] -e: Could not find
> pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/
> at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.\n
>
>
> on firefox:
> Software error:
> Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.
>
> For help, please send mail to the webmaster (you(a)example.com), giving
> this error message and the time and date of the error.
>
>
>
>
> Thanks
> sbaa
> ------------------ Original Message ------------------
> From: "alee"<alee(a)redhat.com>;
> Sent: Sunday, April 28, 2013, 2:00 PM
> To: "骷髅猫"<sbaa(a)vip.qq.com>;
> Cc: "Pki-users"<Pki-users(a)redhat.com>;
> Subject: Re: Re: [Pki-users] "SecurityDomain HTTPS Admin URL not found
> "
>
>
> I ran into the same problem:
>
> The one you want is https://localhost.domain:8443
>
> I resolved this by setting selinux in permissive mode. I will file a
> bug against selinux policy on Monday.
>
> Ade
>
> On Sun, 2013-04-28 at 02:27 +0800, 骷髅猫 wrote:
> > Hi alee
> >
> >
> > I tried the following URLs
> >
> >
> > https://localhost.localdomain:8443
> > https://localhost.localdomain:8443/ca
> > http://localhost.localdomain:8080
> > http://localhost.localdomain:8080/ca
> >
> >
> > but all failed.
> >
> >
> > and I found some info in the error log (/var/log/pki-ra/error_log )
> > GET /ca/admin/ca/getStatus HTTP/1.0
> >
> >
> > port: 8443
> > addr='localhost.localdomain'
> > family='2'
> > IP='127.0.0.1'
> > exit after PR_Connect with error -5985:
> > GET /ca/admin/ca/getStatus HTTP/1.0
> >
> >
> > port: 9445
> > addr='localhost.localdomain'
> > family='2'
> > IP='127.0.0.1'
> > exit after PR_Connect with error -5961:
> >
> >
> > ------------------ Original Message ------------------
> > From: "Ade Lee"<alee(a)redhat.com>;
> > Sent: Sunday, April 28, 2013, 1:04 AM
> > To: "骷髅猫"<sbaa(a)vip.qq.com>;
> > Cc: "Pki-users"<Pki-users(a)redhat.com>;
> > Subject: Re: [Pki-users] "Security Domain HTTPS Admin URL not found "
> >
> >
> > What value are you putting in for your security domain?
> >
> > Ade
> > On Sat, 2013-04-27 at 23:39 +0800, 骷髅猫 wrote:
> > > Hi All
> > > I'm a new user of Dogtag.
> > > I am trying the latest build, 10.0.2.
> > > I installed the CA server successfully, but when I configure an RA subsystem,
> > >
> > >
> > > url :
> > > https://localhost.localdomain:12890/ra/admin/console/config/wizard
> > >
> > >
> > > it always shows the error "Security Domain HTTPS Admin URL not found" and
> > > "Create a New Security Domain" cannot be chosen.
> > > any ideas?
> > >
> > >
> > > thanks
> > >
> > >
> > > _______________________________________________
> > > Pki-users mailing list
> > > Pki-users(a)redhat.com
> > > https://www.redhat.com/mailman/listinfo/pki-users
> >
> >
> > .
> >
>
>
> .
>
.
11 years, 7 months
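The general risk asked about in the post above, as an added example (not from the thread and not Dogtag's code; the thread does not establish how pkiclient.cgi picks its file): when a request can name a file that a server-side script opens, the usual defence is an allowlist of names plus a check that the resolved path stays inside the intended directory. The directory layout, file names and function names below are constructed for illustration.

```python
import os
import tempfile

# Assumption: the only names a request may ever select.
ALLOWED_NAMES = {"pkiclient.xml", "index.xml"}

class RejectedName(Exception):
    """Raised when a client-supplied name must not be opened."""

def resolve_client_file(base_dir, requested):
    """Map a client-supplied file name to a path inside base_dir, or raise."""
    # 1. Allowlist: the client chooses among names the server already knows.
    if requested not in ALLOWED_NAMES:
        raise RejectedName("name not in allowlist")
    # 2. Containment: resolve symlinks, then confirm we are still in base_dir.
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, requested))
    if os.path.commonpath([base, candidate]) != base:
        raise RejectedName("resolved path leaves base directory")
    if not os.path.isfile(candidate):
        raise RejectedName("no such file")
    return candidate

def check(base_dir, requested):
    """Return 'ok' or a rejection reason that exposes no server-side path."""
    try:
        resolve_client_file(base_dir, requested)
        return "ok"
    except RejectedName as exc:
        return str(exc)

def build_sample_tree():
    """Constructed layout: a docroot with one template and a file outside it."""
    root = tempfile.mkdtemp()
    docroot = os.path.join(root, "docroot", "scep")
    os.makedirs(docroot)
    with open(os.path.join(docroot, "pkiclient.xml"), "w") as fh:
        fh.write("<template/>")
    outside = os.path.join(root, "outside.txt")
    with open(outside, "w") as fh:
        fh.write("not meant to be served")
    # An allowlisted name that is a symlink pointing outside the docroot.
    os.symlink(outside, os.path.join(docroot, "index.xml"))
    return docroot

if __name__ == "__main__":
    d = build_sample_tree()
    for name in ("pkiclient.xml", "../../outside.txt", "index.xml"):
        print(name, "->", check(d, name))
```

The symlink case shows why the allowlist alone is not sufficient: the name passes step 1 and is only rejected by the resolved-path check.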
Re: Re: "SecurityDomain HTTPS Admin URL not found "
by 骷髅猫
Hi Alee
Thank you, I finished the configuration for the RA server by disabling SELinux.
But when I tested the SCEP feature, I got this error:
In error log:
[Sun Apr 28 03:05:56.891164 2013] [:error] [pid 1822:tid 140696560207616] [Sun Apr 28 03:05:56 2013] -e: Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.\n
on firefox:
Software error:
Could not find pkiclient.xml in /var/lib/pki-ra/docroot/ee/scep/ at /var/lib/pki-ra/docroot/ee/scep/pkiclient.cgi line 81.
For help, please send mail to the webmaster (you(a)example.com), giving this error message and the time and date of the error.
Thanks
sbaa
------------------ Original Message ------------------
From: "alee"<alee(a)redhat.com>;
Sent: Sunday, April 28, 2013, 2:00 PM
To: "骷髅猫"<sbaa(a)vip.qq.com>;
Cc: "Pki-users"<Pki-users(a)redhat.com>;
Subject: Re: Re: [Pki-users] "SecurityDomain HTTPS Admin URL not found "
I ran into the same problem:
The one you want is https://localhost.domain:8443
I resolved this by setting selinux in permissive mode. I will file a
bug against selinux policy on Monday.
Ade
On Sun, 2013-04-28 at 02:27 +0800, 骷髅猫 wrote:
> Hi alee
>
>
> I tried the following URLs
>
>
> https://localhost.localdomain:8443
> https://localhost.localdomain:8443/ca
> http://localhost.localdomain:8080
> http://localhost.localdomain:8080/ca
>
>
> but all failed.
>
>
> and I found some info in the error log (/var/log/pki-ra/error_log )
> GET /ca/admin/ca/getStatus HTTP/1.0
>
>
> port: 8443
> addr='localhost.localdomain'
> family='2'
> IP='127.0.0.1'
> exit after PR_Connect with error -5985:
> GET /ca/admin/ca/getStatus HTTP/1.0
>
>
> port: 9445
> addr='localhost.localdomain'
> family='2'
> IP='127.0.0.1'
> exit after PR_Connect with error -5961:
>
>
> ------------------ Original Message ------------------
> From: "Ade Lee"<alee(a)redhat.com>;
> Sent: Sunday, April 28, 2013, 1:04 AM
> To: "骷髅猫"<sbaa(a)vip.qq.com>;
> Cc: "Pki-users"<Pki-users(a)redhat.com>;
> Subject: Re: [Pki-users] "Security Domain HTTPS Admin URL not found "
>
>
> What value are you putting in for your security domain?
>
> Ade
> On Sat, 2013-04-27 at 23:39 +0800, 骷髅猫 wrote:
> > Hi All
> > I'm a new user of Dogtag.
> > I am trying the latest build, 10.0.2.
> > I installed the CA server successfully, but when I configure an RA subsystem,
> >
> >
> > url :
> > https://localhost.localdomain:12890/ra/admin/console/config/wizard
> >
> >
> > it always shows the error "Security Domain HTTPS Admin URL not found" and
> > "Create a New Security Domain" cannot be chosen.
> > any ideas?
> >
> >
> > thanks
> >
> >
> > _______________________________________________
> > Pki-users mailing list
> > Pki-users(a)redhat.com
> > https://www.redhat.com/mailman/listinfo/pki-users
>
>
> .
>
.
11 years, 7 months
Re: "Security Domain HTTPS Admin URL not found "
by 骷髅猫
Other debug info:
[root@localhost ~]# grep WARN /var/log/pki-ra-install.log
[2013-04-27 14:10:57] [debug] WARNING: Possible missed substitution "[CA_HOST]" in /usr/share/pki/ra/conf/CS.cfg
[2013-04-27 14:10:57] [debug] WARNING: Possible missed substitution "[CA_PORT]" in /usr/share/pki/ra/conf/CS.cfg
[2013-04-27 14:10:57] [debug] WARNING: Possible missed substitution "[HSM_LABEL]" in /usr/share/pki/ra/conf/CS.cfg
[2013-04-27 14:10:57] [debug] WARNING: Possible missed substitution "[NICKNAME]" in /usr/share/pki/ra/conf/CS.cfg
[root@localhost ~]# curl http://localhost.localdomain:8080/ca/admin/ca/getStatus
<?xml version="1.0" encoding="UTF-8" standalone="no"?><XMLResponse><State>1</State><Type>CA</Type><Status>running</Status><Version>10.0.2-0.8.20130427T0339zgit4ffee7a.fc18</Version></XMLResponse>[root@localhost ~]#
------------------ Original Message ------------------
From: "骷髅猫"<sbaa(a)vip.qq.com>;
Sent: Sunday, April 28, 2013, 2:27 AM
To: "alee"<alee(a)redhat.com>;
Cc: "Pki-users"<Pki-users(a)redhat.com>;
Subject: Re: [Pki-users] "Security Domain HTTPS Admin URL not found "
Hi alee
I tried the following URLs
https://localhost.localdomain:8443
https://localhost.localdomain:8443/ca
http://localhost.localdomain:8080
http://localhost.localdomain:8080/ca
but all failed.
and I found some info in the error log (/var/log/pki-ra/error_log )
GET /ca/admin/ca/getStatus HTTP/1.0
port: 8443
addr='localhost.localdomain'
family='2'
IP='127.0.0.1'
exit after PR_Connect with error -5985:
GET /ca/admin/ca/getStatus HTTP/1.0
port: 9445
addr='localhost.localdomain'
family='2'
IP='127.0.0.1'
exit after PR_Connect with error -5961:
------------------ Original Message ------------------
From: "Ade Lee"<alee(a)redhat.com>;
Sent: Sunday, April 28, 2013, 1:04 AM
To: "骷髅猫"<sbaa(a)vip.qq.com>;
Cc: "Pki-users"<Pki-users(a)redhat.com>;
Subject: Re: [Pki-users] "Security Domain HTTPS Admin URL not found "
What value are you putting in for your security domain?
Ade
On Sat, 2013-04-27 at 23:39 +0800, 骷髅猫 wrote:
> Hi All
> I'm a new user of Dogtag.
> I am trying the latest build, 10.0.2.
> I installed the CA server successfully, but when I configure an RA subsystem,
>
>
> url :
> https://localhost.localdomain:12890/ra/admin/console/config/wizard
>
>
> it always shows the error "Security Domain HTTPS Admin URL not found" and
> "Create a New Security Domain" cannot be chosen.
> any ideas?
>
>
> thanks
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
> https://www.redhat.com/mailman/listinfo/pki-users
.
11 years, 8 months
TPS Service says Error: Authentication Failure
by Buckingham
Hello Dogtag Users,
There is a little problem getting the TPS Services page to display
anything other than ERROR: Authentication Failure for Operator Services,
Agent Services and Administrator Services. It may happen with pki-ra but
I have not tested to this point, I would like to solve this one error at
a time.
The first time I set up the TPS I saw that it was failing because of a
wrong user, the logs displayed admin to access LDAP instead of the one I
wanted. After stopping all of the pki sub-systems I did a pkiremove of
the TPS sub-system. Then starting the other sub-systems I did a
pkicreate and started the configuration from my browser (Firefox 16.0.1
on OSX). Probably due to fat fingers or something I forgot to change the
default "admin" to my particular user in one of the panes. However, no
luck, I still get the Authentication Error in the browser but do not see
any complaints about admin authentication in the logs. Oh yes, I
restarted the TPS sub-system after configuration, twice.
The errors in the TPS logs are:
File does not exist: /var/lib/pki-tps/docroot/img; this happens every
time I try to click on any of the 3 items in the list.
Searching I see /var/lib/pki-tps/docroot is there but no img directory.
and I also have been getting [error] Failed to authenticate request
Looking under pki-ra there is a docroot/images.
I did find a /usr/share/pki/tps/docroot but it also has no img directory.
There is a /usr/share/pki/tps-ui/docroot/tps/admin/console/img and it
has stuff in it (gifs and pngs).
One thing I noticed is that all the other sub-systems have their img
directories under the webapps directory, but not RA and TPS.
My setup
Fedora:
Fedora release 15 (Lovelock)
Kernel \r on an \m (\l)
Dogtag:
pki-ca 9.0.7-1.fc15
pki-kra 9.0.3-1.fc15
pki-ocsp 9.0.2-1.fc15
pki-ra 9.0.2-1.fc15
pki-tks 9.0.2-1.fc15
pki-setup 9.0.7-1.fc15
pki-common 9.0.7-1.fc15
pki-console 9.0.2-1.fc15
pki-native-tools 9.0.7-1.fc15
pki-selinux 9.0.7-1.fc15
389-DS:
Admin & Console suite 1.2.1-2.fc15
DS_Base and Base-libs 1.2.8.3-1.fc15
DS-Console 1.2.5-1.fc15
389-dsgw 1.1.6-2.fc15
ESC:
1.1.0-14.fc15
I have looked, but Google IS NOT my friend this time.
Many thanks in advance.
11 years, 8 months