pki 10.5 - Unable to log in to PKI console
by Wolf, Brian
I installed PKI-CA several years ago on a Redhat 7 (actually Oracle Unbreakable Linux) server. I used it to create certificates for an application and have not really used it since. I had to renew the base certificates last year. That took some effort, but I got it to work. Now I am unable to connect to the web-based agent page. I copied the PKI Administrator .p12 certificate from ~/.dogtag/MyInstance/ to my laptop and installed it under "Your Certificates" and the signing certificate under Authorities in Firefox. When I try to connect to the agent page (https://.../ca/agent/ca), the padlock goes green, but I get an "Invalid Credential" error. /var/log/pki/risd-ise/ca/system contains:
Cannot authenticate agent with certificate Serial 0x33 Subject DN CN=PKI Administrator,E=caadmin(a)MyServer.MyDomain,OU=MyInstance,O=MyDomain. Error: User not found
The caadmin cert is in ~/.dogtag/risd-ise/ca/alias/cer8.db. There are actually two entries: the current one and the previous expired one. It is also in /etc/pki/ca-trust/source/anchors.
What is it looking for, and where?
- Brian
# certutil -L -d ~/.dogtag/MyInstance/ca/alias
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
CA Signing Certificate - MyDomain CT,c,
caadmin u,u,u
caadmin u,u,u
# certutil -L -d ~/.dogtag/MyInstance/ca/alias -n caadmin
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 51 (0x33)
Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: "CN=CA Signing Certificate,OU=MyInstance,O=MyDomain"
Validity:
Not Before: Tue Feb 26 04:20:43 2019
Not After : Wed Feb 26 04:20:43 2020
Subject: "CN=PKI Administrator,E=caadmin(a)MyServer.MyDomain,OU=MyInstance
,O=MyDomain"
Subject Public Key Info:
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 6 (0x6)
Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: "CN=CA Signing Certificate,OU=MyInstance,O=MyDomain"
Validity:
Not Before: Fri Mar 10 22:38:25 2017
Not After : Thu Feb 28 22:38:25 2019
Subject: "CN=PKI Administrator,E=caadmin(a)MyServer.MyDomainr,OU=MyInstance
,O=MyDomain"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
# certutil -L -d /etc/pki/ca-trust/source/anchors -n "PKI Administrator - MyDomain"
Certificate:
Data:
Version: 3 (0x2)
Serial Number: 51 (0x33)
Signature Algorithm: PKCS #1 SHA-256 With RSA Encryption
Issuer: "CN=CA Signing Certificate,OU=MyInstance,O=MyDomain"
Validity:
Not Before: Tue Feb 26 04:20:43 2019
Not After : Wed Feb 26 04:20:43 2020
Subject: "CN=PKI Administrator,E=caadmin(a)MyServer.MyDomain,OU=MyInstance
,O=MyDomain"
Subject Public Key Info:
Public Key Algorithm: PKCS #1 RSA Encryption
RSA Public Key:
Modulus:
Current versions:
Linux 4.14.35-1902.10.7.el7uek.x86_64 #2 SM
pki-base-10.5.16-6
pki-base-java-10.5.16-6.el7_7.noarch
java-1.8.0-openjdk-1.8.0.242.b08-0.el7_7.x86_64
4 years, 10 months
Dogtag Build
by Sharath
Hello Team,
I have taken the source code git repository, currently pointing to
origin/DOGTAG_10_6_BRANCH. Can you please text the steps to build Dogtag
PKI source?
./build.sh failed due to dependencies...
Is there any automated script or solution to install the required
dependencies?
Currently using the OS below:
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="https://www.centos.org/"
BUG_REPORT_URL="https://bugs.centos.org/"
CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"
Thanks,
Sharath
4 years, 10 months