Jan Meijer wrote:
Hi!
I'm trying to get CMC signed enrollment to work.
What I want to do is create certificate requests via a web-based tool
on one server, and ship them to the CA for auto-vetting. It looks like in
my situation using signed CMC is the most simple solution.
I *think* I have set everything up correctly but, when I try to test my
assumption by using either CMCEnroll or CMCRequest to create a CMC request
I get the following error:
[root@ebbe test]# CMCEnroll -d "/root/test/cmc-agent/" -n "cmc" -r "/root/test/test3.csr" -p "bla"
cert/key prefix =
path = /root/test/cmc-agent/
java.io.IOException: Internal Error - java.io.IOException: Sequence tag error 9
at com.netscape.cmstools.CMCEnroll.getCMCBlob(CMCEnroll.java:133)
at com.netscape.cmstools.CMCEnroll.main(CMCEnroll.java:412)
There is something going on with your certificate request in
/root/test/test3.csr
and the same error comes when using CMCRequest.
Now, this is NOT an error with the CA setup, as the CA doesn't come into
play yet, no? Unfortunately I haven't debugged enough Java problems yet
to understand what the error means. Maybe there's some library/class
missing somewhere?
If anyone could help out that would be great :)
I'm running Fedora 9 and DogTag 1.00, package list is below:
[root@ebbe test]# yum list | grep pki
pki-ca.noarch 1.0.0-6.fc9 installed
pki-ca-ui.noarch 1.0.0-1.fc9 installed
pki-common.noarch 1.0.0-8.fc9 installed
pki-common-ui.noarch 1.0.0-2.fc9 installed
pki-console.noarch 1.0.0-4.fc9 installed
pki-console-ui.noarch 1.0.0-1.fc9 installed
pki-java-tools.noarch 1.0.0-1.fc9 installed
pki-native-tools.i386 1.0.0-1.fc9 installed
pki-ra.noarch 1.0.0-2.fc9 installed
pki-ra-ui.noarch 1.0.0-1.fc9 installed
pki-setup.noarch 1.0.0-2.fc9 installed
pki-util.noarch 1.0.0-2.fc9 installed
krb5-pkinit-openssl.i386 1.6.3-10.fc9 fedora
pki-common-javadoc.noarch 1.0.0-8.fc9 pki
pki-java-tools-javadoc.noarch 1.0.0-1.fc9 pki
pki-kra.noarch 1.0.0-2.fc9 pki
pki-kra-ui.noarch 1.0.0-2.fc9 pki
pki-manage.noarch 1.0.0-1.fc9 pki
pki-migrate.noarch 1.0.0-1.fc9 pki
pki-ocsp.noarch 1.0.0-2.fc9 pki
pki-ocsp-ui.noarch 1.0.0-1.fc9 pki
pki-silent.noarch 1.0.0-1.fc9 pki
pki-tks.noarch 1.0.0-2.fc9 pki
pki-tks-ui.noarch 1.0.0-1.fc9 pki
pki-tps.i386 1.0.0-2.fc9 pki
pki-tps-ui.noarch 1.0.0-2.fc9 pki
pki-util-javadoc.noarch 1.0.0-2.fc9 pki
The contents of test3.csr:
[root@ebbe test]# cat test3.csr
Certificate request generated by Netscape certutil
Phone: (not specified)
Common Name: test4
Email: (not specified)
Organization: (not specified)
State: (not specified)
Country: (not specified)
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBTzCBuQIBADAQMQ4wDAYDVQQDEwV0ZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEA5wv8VPSNH7HH0Nsdr2/3xu3fqglDbQUz8CxhFvFHXm26a1DlyC+l
pqZXCgozJzpb1N5EXDR/Wg1VVbcJNnKyvJOa4XqOqqAPFKLfH5GhAijOIIQRuLL/
WHlUeY2LUHcLCZ257b9QEOTrR6iVZPp74r2l7CBkXQ3zvx4PRfX2eY8CAwEAAaAA
MA0GCSqGSIb3DQEBBQUAA4GBAB6R3Gf4koSXucYifCIFri3vTSt2ThK7GpKrYe86
JLYOTk4aNdaL/wZDNBLnnw8if8Gv2y/LcpR7Qvto52uckCA2+rRWEYmHhDs8NF6U
q0HuaYaUgN1kdOqrzjGFaZxG5eSJkLnmFpKlp+9OsnNfz43v9zzeomzqSdRHpPEZ
pmFM
-----END NEW CERTIFICATE REQUEST-----
The CSR seems to be somehow malformed:
0 335: SEQUENCE {
4 185: SEQUENCE {
7 1: INTEGER 0
10 16: SEQUENCE {
12 14: SET {
14 12: SEQUENCE {
16 3: OBJECT IDENTIFIER commonName (2 5 4 3)
: (X.520 id-at (2 5 4))
21 5: PrintableString 'test4'
: }
: }
: }
28 159: SEQUENCE {
31 13: SEQUENCE {
33 9: OBJECT IDENTIFIER rsaEncryption (1 2 840 113549 1 1 1)
: (PKCS #1)
44 0: NULL
: }
46 141: BIT STRING, encapsulates {
50 137: SEQUENCE {
53 129: INTEGER
: 00 E7 0B FC 54 F4 8D 1F B1 C7 D0 DB 1D AF 6F F7
: C6 ED DF AA 09 43 6D 05 33 F0 2C 61 16 F1 47 5E
: 6D BA 6B 50 E5 C8 2F A5 A6 A6 57 0A 0A 33 27 3A
: 5B D4 DE 44 5C 34 7F 5A 0D 55 55 B7 09 36 72 B2
: BC 93 9A E1 7A 8E AA A0 0F 14 A2 DF 1F 91 A1 02
: 28 CE 20 84 11 B8 B2 FF 58 79 54 79 8D 8B 50 77
: 0B 09 9D B9 ED BF 50 10 E4 EB 47 A8 95 64 FA 7B
: E2 BD A5 EC 20 64 5D 0D F3 BF 1E 0F 45 F5 F6 79
: 8F
185 3: INTEGER 65537
: }
: }
: }
190 0: [0]
* : Error: Object has zero length.*
...snip...
The contents of the certificate database that's used for the CMC
agent:
[root@ebbe test]# certutil -L -d /root/test/cmc-agent
Certificate Nickname                                         Trust Attributes
                                                             SSL,S/MIME,JAR/XPI
CMC Agent - NetherNordic SLCS u,u,u
cmc u,u,u
ca c,c,c
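
Added example, not part of the thread and not Dogtag code: a small Python check that decodes only the PEM body of test3.csr and walks the DER elements at the offsets shown in the dump above, then reports the first byte a base64 decoder would produce if it started at certutil's text preamble instead. The function names are hypothetical, and it is an assumption, not something the thread establishes, that CMCEnroll passes the preamble to its decoder.

```python
import base64
import re

CSR_FILE = """Certificate request generated by Netscape certutil
-----BEGIN NEW CERTIFICATE REQUEST-----
MIIBTzCBuQIBADAQMQ4wDAYDVQQDEwV0ZXN0NDCBnzANBgkqhkiG9w0BAQEFAAOB
jQAwgYkCgYEA5wv8VPSNH7HH0Nsdr2/3xu3fqglDbQUz8CxhFvFHXm26a1DlyC+l
pqZXCgozJzpb1N5EXDR/Wg1VVbcJNnKyvJOa4XqOqqAPFKLfH5GhAijOIIQRuLL/
WHlUeY2LUHcLCZ257b9QEOTrR6iVZPp74r2l7CBkXQ3zvx4PRfX2eY8CAwEAAaAA
MA0GCSqGSIb3DQEBBQUAA4GBAB6R3Gf4koSXucYifCIFri3vTSt2ThK7GpKrYe86
JLYOTk4aNdaL/wZDNBLnnw8if8Gv2y/LcpR7Qvto52uckCA2+rRWEYmHhDs8NF6U
q0HuaYaUgN1kdOqrzjGFaZxG5eSJkLnmFpKlp+9OsnNfz43v9zzeomzqSdRHpPEZ
pmFM
-----END NEW CERTIFICATE REQUEST-----
"""  # test3.csr from the thread; text preamble abridged to its first line
PEM_RE = re.compile(r"-----BEGIN (?:NEW )?CERTIFICATE REQUEST-----(.*?)-----END ", re.S)

def pem_body_to_der(text):
    """Decode only the base64 between the BEGIN/END markers."""
    m = PEM_RE.search(text)
    if m is None:
        raise ValueError("no certificate request PEM block found")
    return base64.b64decode("".join(m.group(1).split()), validate=True)

def read_tlv(buf, off):  # -> (tag, value_offset, value_length)
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:                      # short-form length
        return tag, off + 2, first
    n = first & 0x7F                      # long form: n length octets follow
    if n == 0:
        raise ValueError("indefinite length is not valid DER")
    return tag, off + 2 + n, int.from_bytes(buf[off + 2:off + 2 + n], "big")

def csr_outline(der):
    """Check the outer PKCS#10 shape; list (offset, tag, length) per element."""
    tag, start, length = read_tlv(der, 0)
    if tag != 0x30 or start + length != len(der):
        raise ValueError(f"not one complete DER SEQUENCE (first tag 0x{tag:02x})")
    info_tag, off, info_len = read_tlv(der, start)   # CertificationRequestInfo
    out = [(0, tag, length), (start, info_tag, info_len)]
    end = off + info_len
    while off < end:                      # version, subject, SPKI, [0] attributes
        t, v, l = read_tlv(der, off)
        out.append((off, t, l))
        off = v + l
    return out

def first_byte_if_preamble_decoded(text):  # assumption: decoder starts at line 1
    return base64.b64decode(re.sub(r"[^A-Za-z0-9+/]", "", text)[:4])[0]
```

The last outline entry is the `[0]` element at offset 190 with length 0; RFC 2986 defines that field as an implicitly tagged SET OF Attribute, so the bytes `a0 00` encode an empty attribute set.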