Send Pki-users mailing list submissions to
pki-users(a)redhat.com
To subscribe or unsubscribe via the World Wide Web, visit
https://www.redhat.com/mailman/listinfo/pki-users
or, via email, send a message with subject or body 'help' to
pki-users-request(a)redhat.com
You can reach the person managing the list at
pki-users-owner(a)redhat.com
When replying, please edit your Subject line so it is more specific
than "Re: Contents of Pki-users digest..."
Today's Topics:
1. TKS Not Starting Correctly (Dan Whitmire)
2. Re: TKS Not Starting Correctly (E Deon Lackey)
----------------------------------------------------------------------
Message: 1
Date: Tue, 07 Feb 2012 19:51:43 -0600
From: Dan Whitmire<dan.whitmire(a)sonshineaccess.com>
To: pki-users(a)redhat.com
Subject: [Pki-users] TKS Not Starting Correctly
Message-ID:<4F31D52F.1040405@sonshineaccess.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
I'd really appreciate it is anyone can help with a problem I'm having
with the TKS Subsystem. I have CA, RA, TKS, and TPS installed.
However, when starting the pki-tksd service I get the message that is
started [ok] but when I try to complete the configuration after install,
I get:
# service pki-tksd status
pki-tks-SonshineAccess dead but subsys locked [WARNING]
Log files:
# tail /var/log/pki-tks-SonshineAccess/selftests.log
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
Initializing self test plugins:
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
loading all self test plugin logger parameters
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
loading all self test plugin instances
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
loading all self test plugin instance parameters
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
loading self test plugins in on-demand order
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
loading self test plugins in startup order
28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem: Self
test plugins have been successfully loaded!
28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem:
Running self test plugins specified to be executed at startup:
28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] TKSKnownSessionKey:
TKS self test called TKSKnownSessionKey FAILED!
28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem: The
CRITICAL self test plugin called
selftests.container.instance.TKSKnownSessionKey running at startup FAILED
# tail /var/log/pki-tks-SonshineAccess/system
9458.main - [02/Feb/2012:21:46:46 CST] [13] [3] authz instance
DirAclAuthz initialization failed and skipped, error=Property
internaldb.ldapconn.port missing value
# tail /var/log/pki-tks-SonshineAccess/debug
[07/Feb/2012:19:23:54][main]: TKSKnownSessionKey self test FAILED
[07/Feb/2012:19:23:54][main]: SignedAuditEventFactory: create()
message=[AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure]
self tests execution (see selftests.log for details)
[07/Feb/2012:19:23:54][main]: CMSEngine.shutdown()
[07/Feb/2012:19:23:55][main]: LogFile:In log shutdown
[07/Feb/2012:19:23:55][main]: SignedAuditEventFactory: create()
message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success]
audit function shutdown
[07/Feb/2012:19:23:55][main]: LogFile:In log shutdown
[07/Feb/2012:19:23:55][main]: SignedAuditEventFactory: create()
message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success]
audit function shutdown
------------------------------
Message: 2
Date: Tue, 07 Feb 2012 20:22:48 -0600
From: E Deon Lackey<dlackey(a)redhat.com>
To: pki-users(a)redhat.com
Subject:
Message-ID:<4F31DC78.7060408@redhat.com>
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Hey, Dan.
It failed at the SessionKey test, so I *think* you need to create a
shared secret for the TKS and TPS to use.
When you configure the TKS (go through the wizard), then the last step
is #13, here:
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Dep...
That creates a shared secret key. Without it, the TKS fails to start.
Once the TKS is set up, you can set up the TPS, which are steps 17/18 here:
http://docs.redhat.com/docs/en-US/Red_Hat_Certificate_System/8.1/html/Dep...
I think. If it doesn't work, then someone with more knowledge can help
you out. :)
Deon
On 2/7/2012 7:51 PM, Dan Whitmire wrote:
> I'd really appreciate it is anyone can help with a problem I'm having
> with the TKS Subsystem. I have CA, RA, TKS, and TPS installed.
> However, when starting the pki-tksd service I get the message that is
> started [ok] but when I try to complete the configuration after
> install, I get:
>
> # service pki-tksd status
> pki-tks-SonshineAccess dead but subsys locked [WARNING]
>
>
> Log files:
> # tail /var/log/pki-tks-SonshineAccess/selftests.log
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> Initializing self test plugins:
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading all self test plugin logger parameters
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading all self test plugin instances
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading all self test plugin instance parameters
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading self test plugins in on-demand order
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> loading self test plugins in startup order
> 28141.main - [07/Feb/2012:19:23:53 CST] [20] [1] SelfTestSubsystem:
> Self test plugins have been successfully loaded!
> 28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem:
> Running self test plugins specified to be executed at startup:
> 28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] TKSKnownSessionKey:
> TKS self test called TKSKnownSessionKey FAILED!
> 28141.main - [07/Feb/2012:19:23:54 CST] [20] [1] SelfTestSubsystem:
> The CRITICAL self test plugin called
> selftests.container.instance.TKSKnownSessionKey running at startup FAILED
>
> # tail /var/log/pki-tks-SonshineAccess/system
> 9458.main - [02/Feb/2012:21:46:46 CST] [13] [3] authz instance
> DirAclAuthz initialization failed and skipped, error=Property
> internaldb.ldapconn.port missing value
> # tail /var/log/pki-tks-SonshineAccess/debug
> [07/Feb/2012:19:23:54][main]: TKSKnownSessionKey self test FAILED
> [07/Feb/2012:19:23:54][main]: SignedAuditEventFactory: create()
> message=[AuditEvent=SELFTESTS_EXECUTION][SubjectID=$System$][Outcome=Failure]
> self tests execution (see selftests.log for details)
>
> [07/Feb/2012:19:23:54][main]: CMSEngine.shutdown()
> [07/Feb/2012:19:23:55][main]: LogFile:In log shutdown
> [07/Feb/2012:19:23:55][main]: SignedAuditEventFactory: create()
> message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success]
> audit function shutdown
>
> [07/Feb/2012:19:23:55][main]: LogFile:In log shutdown
> [07/Feb/2012:19:23:55][main]: SignedAuditEventFactory: create()
> message=[AuditEvent=AUDIT_LOG_SHUTDOWN][SubjectID=$System$][Outcome=Success]
> audit function shutdown
>
>
> _______________________________________________
> Pki-users mailing list
> Pki-users(a)redhat.com
>
https://www.redhat.com/mailman/listinfo/pki-users
I entered the command found in the documentation
# tkstool -T -d /var/lib/pki-tks-SonshineAccess/alias -n sharedSecret
Enter Password or Pin for "NSS Certificate DB":
I enter a password and it continues to ask "Enter Password or Pin for
"NSS Certificate DB":" Is there something I'm ding wrong when I
setup
my system? Everything looks the same as the document. I don't recall
having this problem when I set this up on Fedora 13. I'm using Fedora 15.
------------------------------
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
End of Pki-users Digest, Vol 47, Issue 2
****************************************