FW: pki=kra configuration hangs on Administration

Thursday, 28 March 2013

Ade,
Thanks for the help.
It turned out to be a cert issue.
Resolution was to remove all PKI certs in Firefox and then remove and reinstall pki-ocsp,
pki-kra and pki-ca.
All 3 modules configured cleanly.

-----Original Message-----
From: Ade Lee [mailto:alee@redhat.com] 
Sent: Thursday, March 28, 2013 9:59 AM
To: Chris Grijalva
Cc: pki-users(a)redhat.com
Subject: Re: [Pki-users] pki=kra configuration hangs on Administration

Can you try using Firefox to do the configuration of the KRA?
Up to now, we have supported only firefox for the installation servlets.

If that still does not work, we'd need to see some server logs - say everything under
/var/log/pki-kra, as well as logs for the CA.

The status says that it still needs to be configured because the configuration did not
complete.  As you say, it looks like its failing to generate an administrator cert.  That
may be a problem in the client (Chrome), in the KRA/OCSP, or on the CA (which would be
receiving the cert request and issuing the cert).  We'd need to look at logs to see
where its failing.

Ade

On Wed, 2013-03-27 at 17:39 -0500, Chris Grijalva wrote:
...
 Hi all, new to the list.

 Installed the following packages on CentOS 6.4

                   [root@devops-cert tmp]# yum list | grep pki

                   dogtag-pki-ca-theme.noarch
 9.0.6-1.fc15
 @/dogtag-pki-ca-theme-9.0.6-1.fc15.noarch

                   dogtag-pki-common-theme.noarch
 9.0.6-1.fc15
 @/dogtag-pki-common-theme-9.0.6-1.fc15.noarch

                   dogtag-pki-console-theme.noarch
 9.0.6-1.fc15
 @/dogtag-pki-console-theme-9.0.6-1.fc15.noarch

                   dogtag-pki-kra-theme.noarch
 9.0.6-1.fc15
 @/dogtag-pki-kra-theme-9.0.6-1.fc15.noarch

                   dogtag-pki-ocsp-theme.noarch
           9.0.6-1.fc15
 @/dogtag-pki-ocsp-theme-9.0.6-1.fc15.noarch

                   pki-ca.noarch
 9.0.3-30.el6                   @base

                   pki-common.noarch
 9.0.3-30.el6                   @base

                   pki-common-javadoc.noarch
 9.0.3-30.el6                   @base

                   pki-console.noarch
 9.0.3-1.fc15                   @/pki-console-9.0.3-1.fc15.noarch

                   pki-java-tools.noarch
 9.0.3-30.el6                   @base

                   pki-java-tools-javadoc.noarch
 9.0.3-30.el6                   @base

                   pki-kra.noarch
 9.0.4-1.fc15                   @/pki-kra-9.0.4-1.fc15.noarch

                   pki-native-tools.x86_64
 9.0.3-30.el6                   @base

                   pki-ocsp.noarch
 9.0.3-1.fc15                   @/pki-ocsp-9.0.3-1.fc15.noarch

                   pki-selinux.noarch
 9.0.3-30.el6                   @base

                   pki-setup.noarch
  9.0.3-30.el6                   @base

                   pki-silent.noarch
 9.0.3-30.el6                   @base

                   pki-symkey.x86_64
 9.0.3-30.el6                   @base

                   pki-util.noarch
 9.0.3-30.el6                   @base

                   pki-util-javadoc.noarch
 9.0.3-30.el6                   @base

                   ipa-pki-ca-theme.noarch                  9.0.3-7.el6
 base

                   ipa-pki-common-theme.noarch
 9.0.3-7.el6                    base

                   krb5-pkinit-openssl.x86_64
 1.10.3-10.el6_4.1              updates

                   jss.x86_64
 4.2.6-24.el6                   @base

                   tomcatjss.noarch                         2.1.0-2.el6
 @base

                   osutil.x86_64                            2.0.1-1.el6
 @base

 Configured pki-ca cleanly and then proceeded to configure pki-kra, 
 which hangs on the Administrator panel.

 Debug doesn't show errors, only logging status.

 [27/Mar/2013:12:59:49][http-10445-3]: AdminPanel: display

 [27/Mar/2013:12:59:49][http-10445-3]: panel no=13

 [27/Mar/2013:12:59:49][http-10445-3]: panel name=adminpanel

 [27/Mar/2013:12:59:49][http-10445-3]: total number of panels=16

 I’ve bounced pki-krad, used a new instance of Chrome as admin when 
 running the pki-kra admin console config.

 Used the pki-ca Administrator cert listed below, as a template for 
 pki-kra and still no joy.

 The Dogtag Certificate Manager shows 5 pki-kra DRM certificates, but 
 no admin cert.  pki-krad status shows it's

 running, but must still be CONFIGURED!

 JXplorer shows,

 2;4;CN=Certificate Authority,OU=pki-ca,O=Pfi Domain;CN=CA Subsystem 
 Certificate,OU=pki-ca,O=Pfi Domain

 2;10;CN=Certificate Authority,OU=pki-ca,O=Pfi Domain;CN=DRM Subsystem 
 Certificate,OU=pki-kra,O=Pfi Domain

 2;14;CN=Certificate Authority,OU=pki-ca,O=Pfi Domain;CN=OCSP Subsystem 
 Certificate,OU=pki-ocsp,O=Pfi Domain

 2;6;CN=Certificate Authority,OU=pki-ca,O=Pfi Domain;CN=CA 
 Administrator of Instance 
 pki-ca,UID=admin,E=Chris.Grijalva(a)soteradefense.com,O=Pfi Domain

 Any idea what I’m doing wrong and why this configuration doesn’t 
 generate a pki-kra or pki-ocspd CA Administrator cert to complete the 
 configuration?

 Cheers,

 Chris Grijalva

 _______________________________________________
 Pki-users mailing list
 Pki-users(a)redhat.com
 https://www.redhat.com/mailman/listinfo/pki-users 

2024

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008