12:29 p.m.
Hello,
I've got a Problem at the Cloning of a CA.
At the Web GUI when I import the CA Certificate file (savepkcs12) the WebGui
showed me an error like "PKI not active"
In the debug-file there are the following entries:
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: process
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet:serice() uri =
/ca/admin/console/config/wizard
[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() param
name='password' value='xxxxxxxx'
[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() param
name='path' value='/tmp/savepkcs12'
[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() param
name='p' value='5'
[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() param
name='op' value='next'
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: op=next
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: size=19
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: in next 5
[20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel: this is
the clone subsystem
[20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel update:
clone does not have all the certificates.
[20/Oct/2008:18:32:11][http-9443-Processor21]: panel no=5
[20/Oct/2008:18:32:11][http-9443-Processor21]: panel name=restorekeys
[20/Oct/2008:18:32:11][http-9443-Processor21]: total number of panels=19
I have bypass it by importing the Certificates with the pk12util at the same
time. What can be the Problem because of not reading the file. The contains
all necessary certificate (CA, Subsystem and OCSP). This was the export file
of the generation of the first instance.
The next Problem which I can't avoid, is that the Clone can't finish the
LDAP configuration. The Debug-File shows the following:
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createChangeLog: Changelog entry has already used
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: replicadn:
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: Successfully create
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
entry.
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: replicadn:
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: Successfully create
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
entry.
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
setupReplication: Finished enabling replication
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: dn:
cn=masterAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tamp
am.de-ca-master",cn=mapping tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: About to set description attr
to masterAgreement1-linux2.tampam.de-ca-clone2
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: Successfully create replication agreement
masterAgreement1-linux2.tampam.de-ca-clone2
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: dn:
cn=cloneAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tampa
m.de-ca-master",cn=mapping tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: About to set description attr
to cloneAgreement1-linux2.tampam.de-ca-clone2
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: Successfully create replication agreement
cloneAgreement1-linux2.tampam.de-ca-clone2
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
initializeConsumer: initializeConsumer dn:
cn=masterAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tamp
am.de-ca-master",cn=mapping tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
initializeConsumer: initializeConsumer host: linux1.tampam.de port: 389
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
initializeConsumer: start modifying
[20/Oct/2008:19:23:52][http-9443-Processor19]: DatabasePanel
initializeConsumer: Finish modification.
[20/Oct/2008:19:23:52][http-9443-Processor19]: DatabasePanel
initializeConsumer: thread sleeping for 5 seconds.
[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
initializeConsumer: finish sleeping.
[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
initializeConsumer: Successfully initialize consumer
[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!
[20/Oct/2008:19:24:02][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:24:02][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!
[20/Oct/2008:19:24:07][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:24:07][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!
[20/Oct/2008:19:24:13][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:24:13][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!
[20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!
etc. at the last entries it repeats ever 5 seconds and the WebGUI "Internal
Database" stops there waiting..
Perhaps some can help me
Regard Klaus Heyden
1:45 p.m.
Klaus Heyden wrote:
Is it possible the file /tmp/savepkcs12 copied on the cloned ca system
could not be read by the uid running the clone instance ?
That seem quite unsual, could you provide more details on the exact
platform used, as well as rpm and directory server used ?
And may be file a bugzilla with the exact steps that were used.
12:01 p.m.
New subject: AW: Failure to clone a CA
Hello,
-----Ursprüngliche Nachricht-----
[some log deleted]
Is it possible the file /tmp/savepkcs12 copied on the cloned ca
system
could not be read by the uid running the clone instance ?
The file have chmod 666 so it must be readable by nobody, I've checked it
I am using this in a Fedora Core 9 installation and i've also this Problem
in RHEL 5.2 (target platform), with actual updates. The Directory server is
Fedora 1.1.3-2 (Fedora base package), the certificate server is 1.0.0-6
(pki-ca package), pki-common package is 1.0.0-8.
This are the packages:
Certificate Server:
pki-java-tools-1.0.0-1.fc9.noarch
pki-setup-1.0.0-2.fc9.noarch
pki-util-1.0.0-2.fc9.noarch
pki-native-tools-1.0.0-1.fc9.i386
pki-common-ui-1.0.0-2.fc9.noarch
pki-ca-ui-1.0.0-1.fc9.noarch
pki-ca-1.0.0-6.fc9.noarch
pki-common-1.0.0-8.fc9.noarch
Directory Server:
fedora-ds-dsgw-1.1.1-1.fc9.i386
fedora-ds-admin-1.1.6-1.fc9.i386
fedora-ds-admin-console-1.1.2-1.fc9.noarch
fedora-ds-console-1.1.2-2.fc9.noarch
fedora-ds-base-1.1.3-2.fc9.i386
fedora-ds-1.1.2-1.fc9.i386
regards Klaus
6056
days inactive
6057
days old
2 comments
2 participants
participants (2)
-
Klaus Heyden -
Marc Sauton