AW: [Pki-users] Failure to clone a CA
Hello,
-----Ursprüngliche Nachricht-----
> Ive got a Problem at the Cloning of a CA.
>
> At the Web GUI when I import the CA Certificate file (savepkcs12) the
> WebGui showed me an error like PKI not active
[some log deleted]
> [20/Oct/2008:18:32:11][http-9443-Processor21]:
RestoreKeyCertPanel:
> this is the clone subsystem
> [20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel
> update: clone does not have all the certificates.
> [20/Oct/2008:18:32:11][http-9443-Processor21]: panel no=5
> [20/Oct/2008:18:32:11][http-9443-Processor21]: panel name=restorekeys
> [20/Oct/2008:18:32:11][http-9443-Processor21]: total number of panels=19
> I have bypass it by importing the Certificates with the pk12util at
> the same time. What can be the Problem because of not reading the
> file. The contains all necessary certificate (CA, Subsystem and OCSP).
> This was the export file of the generation of the first instance.
Is it possible the file /tmp/savepkcs12 copied on the cloned ca
system
could not be read by the uid running the clone instance ?
The file have chmod 666 so it must be readable by nobody, I've checked it
> The next Problem which I cant avoid, is that the Clone cant
finish
> the LDAP configuration. The Debug-File shows the following:
>
>
> [20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel
> comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not
> found, let's wait!
> etc
at the last entries it repeats ever 5 seconds and the WebGUI
> Internal Database stops there waiting
.
>
That seem quite unsual, could you provide more details on the exact
platform used, as well as rpm and directory server used ?
And may be file a bugzilla with the exact steps that were used.
I am using this in a Fedora Core 9 installation and i've also this Problem
in RHEL 5.2 (target platform), with actual updates. The Directory server is
Fedora 1.1.3-2 (Fedora base package), the certificate server is 1.0.0-6
(pki-ca package), pki-common package is 1.0.0-8.
This are the packages:
Certificate Server:
pki-java-tools-1.0.0-1.fc9.noarch
pki-setup-1.0.0-2.fc9.noarch
pki-util-1.0.0-2.fc9.noarch
pki-native-tools-1.0.0-1.fc9.i386
pki-common-ui-1.0.0-2.fc9.noarch
pki-ca-ui-1.0.0-1.fc9.noarch
pki-ca-1.0.0-6.fc9.noarch
pki-common-1.0.0-8.fc9.noarch
Directory Server:
fedora-ds-dsgw-1.1.1-1.fc9.i386
fedora-ds-admin-1.1.6-1.fc9.i386
fedora-ds-admin-console-1.1.2-1.fc9.noarch
fedora-ds-console-1.1.2-2.fc9.noarch
fedora-ds-base-1.1.3-2.fc9.i386
fedora-ds-1.1.2-1.fc9.i386
regards Klaus