12:29 p.m.
Hello,
I've got a Problem at the Cloning of a CA.
At the Web GUI when I import the CA Certificate file (savepkcs12) the WebGui
showed me an error like "PKI not active"
In the debug-file there are the following entries:
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: process
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet:serice() uri =
/ca/admin/console/config/wizard
[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() param
name='password' value='xxxxxxxx'
[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() param
name='path' value='/tmp/savepkcs12'
[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() param
name='p' value='5'
[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service() param
name='op' value='next'
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: op=next
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: size=19
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: in next 5
[20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel: this is
the clone subsystem
[20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel update:
clone does not have all the certificates.
[20/Oct/2008:18:32:11][http-9443-Processor21]: panel no=5
[20/Oct/2008:18:32:11][http-9443-Processor21]: panel name=restorekeys
[20/Oct/2008:18:32:11][http-9443-Processor21]: total number of panels=19
I have bypass it by importing the Certificates with the pk12util at the same
time. What can be the Problem because of not reading the file. The contains
all necessary certificate (CA, Subsystem and OCSP). This was the export file
of the generation of the first instance.
The next Problem which I can't avoid, is that the Clone can't finish the
LDAP configuration. The Debug-File shows the following:
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createChangeLog: Changelog entry has already used
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: replicadn:
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: Successfully create
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
entry.
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: replicadn:
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: Successfully create
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
entry.
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
setupReplication: Finished enabling replication
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: dn:
cn=masterAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tamp
am.de-ca-master",cn=mapping tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: About to set description attr
to masterAgreement1-linux2.tampam.de-ca-clone2
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: Successfully create replication agreement
masterAgreement1-linux2.tampam.de-ca-clone2
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: dn:
cn=cloneAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tampa
m.de-ca-master",cn=mapping tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: About to set description attr
to cloneAgreement1-linux2.tampam.de-ca-clone2
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: Successfully create replication agreement
cloneAgreement1-linux2.tampam.de-ca-clone2
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
initializeConsumer: initializeConsumer dn:
cn=masterAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tamp
am.de-ca-master",cn=mapping tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
initializeConsumer: initializeConsumer host: linux1.tampam.de port: 389
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
initializeConsumer: start modifying
[20/Oct/2008:19:23:52][http-9443-Processor19]: DatabasePanel
initializeConsumer: Finish modification.
[20/Oct/2008:19:23:52][http-9443-Processor19]: DatabasePanel
initializeConsumer: thread sleeping for 5 seconds.
[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
initializeConsumer: finish sleeping.
[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
initializeConsumer: Successfully initialize consumer
[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!
[20/Oct/2008:19:24:02][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:24:02][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!
[20/Oct/2008:19:24:07][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:24:07][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!
[20/Oct/2008:19:24:13][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:24:13][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!
[20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not found,
let's wait!
etc. at the last entries it repeats ever 5 seconds and the WebGUI "Internal
Database" stops there waiting..
Perhaps some can help me
Regard Klaus Heyden
1:45 p.m.
Klaus Heyden wrote:
Hello,
I’ve got a Problem at the Cloning of a CA.
At the Web GUI when I import the CA Certificate file (savepkcs12) the
WebGui showed me an error like “PKI not active”
In the debug-file there are the following entries:
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: process
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet:serice()
uri = /ca/admin/console/config/wizard
[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service()
param name='password' value='xxxxxxxx'
[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service()
param name='path' value='/tmp/savepkcs12'
[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service()
param name='p' value='5'
[20/Oct/2008:18:32:11][http-9443-Processor21]: CMSServlet::service()
param name='op' value='next'
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: op=next
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: size=19
[20/Oct/2008:18:32:11][http-9443-Processor21]: WizardServlet: in next 5
[20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel:
this is the clone subsystem
[20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel
update: clone does not have all the certificates.
[20/Oct/2008:18:32:11][http-9443-Processor21]: panel no=5
[20/Oct/2008:18:32:11][http-9443-Processor21]: panel name=restorekeys
[20/Oct/2008:18:32:11][http-9443-Processor21]: total number of panels=19
I have bypass it by importing the Certificates with the pk12util at
the same time. What can be the Problem because of not reading the
file. The contains all necessary certificate (CA, Subsystem and OCSP).
This was the export file of the generation of the first instance.
Is it possible the file /tmp/savepkcs12 copied on the cloned ca system
could not be read by the uid running the clone instance ?
The next Problem which I can’t avoid, is that the Clone can’t finish
the LDAP configuration. The Debug-File shows the following:
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createChangeLog: Changelog entry has already used
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: replicadn:
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: Successfully create
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping
tree,cn=config entry.
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: replicadn:
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
enableReplication: Successfully create
cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping
tree,cn=config entry.
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
setupReplication: Finished enabling replication
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: dn:
cn=masterAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping
tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: About to set
description attr to masterAgreement1-linux2.tampam.de-ca-clone2
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: Successfully create replication agreement
masterAgreement1-linux2.tampam.de-ca-clone2
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: dn:
cn=cloneAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping
tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: About to set
description attr to cloneAgreement1-linux2.tampam.de-ca-clone2
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
createReplicationAgreement: Successfully create replication agreement
cloneAgreement1-linux2.tampam.de-ca-clone2
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
initializeConsumer: initializeConsumer dn:
cn=masterAgreement1-linux2.tampam.de-ca-clone2,cn=replica,cn="dc=linux1.tampam.de-ca-master",cn=mapping
tree,cn=config
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
initializeConsumer: initializeConsumer host: linux1.tampam.de port: 389
[20/Oct/2008:19:23:51][http-9443-Processor19]: DatabasePanel
initializeConsumer: start modifying
[20/Oct/2008:19:23:52][http-9443-Processor19]: DatabasePanel
initializeConsumer: Finish modification.
[20/Oct/2008:19:23:52][http-9443-Processor19]: DatabasePanel
initializeConsumer: thread sleeping for 5 seconds.
[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
initializeConsumer: finish sleeping.
[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
initializeConsumer: Successfully initialize consumer
[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:23:57][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not
found, let's wait!
[20/Oct/2008:19:24:02][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:24:02][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not
found, let's wait!
[20/Oct/2008:19:24:07][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:24:07][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not
found, let's wait!
[20/Oct/2008:19:24:13][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:24:13][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not
found, let's wait!
[20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries checking ou=people,dc=linux1.tampam.de-ca-master
[20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel
comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not
found, let's wait!
etc… at the last entries it repeats ever 5 seconds and the WebGUI
“Internal Database” stops there waiting….
That seem quite unsual, could you provide more details on the exact
platform used, as well as rpm and directory server used ?
And may be file a bugzilla with the exact steps that were used.
Perhaps some can help me
Regard Klaus Heyden
------------------------------------------------------------------------
_______________________________________________
Pki-users mailing list
Pki-users(a)redhat.com
https://www.redhat.com/mailman/listinfo/pki-users
12:01 p.m.
New subject: AW: Failure to clone a CA
Hello,
-----Ursprüngliche Nachricht-----
> Ive got a Problem at the Cloning of a CA.
>
> At the Web GUI when I import the CA Certificate file (savepkcs12) the
> WebGui showed me an error like PKI not active
[some log deleted]
> [20/Oct/2008:18:32:11][http-9443-Processor21]:
RestoreKeyCertPanel:
> this is the clone subsystem
> [20/Oct/2008:18:32:11][http-9443-Processor21]: RestoreKeyCertPanel
> update: clone does not have all the certificates.
> [20/Oct/2008:18:32:11][http-9443-Processor21]: panel no=5
> [20/Oct/2008:18:32:11][http-9443-Processor21]: panel name=restorekeys
> [20/Oct/2008:18:32:11][http-9443-Processor21]: total number of panels=19
> I have bypass it by importing the Certificates with the pk12util at
> the same time. What can be the Problem because of not reading the
> file. The contains all necessary certificate (CA, Subsystem and OCSP).
> This was the export file of the generation of the first instance.
Is it possible the file /tmp/savepkcs12 copied on the cloned ca
system
could not be read by the uid running the clone instance ?
The file have chmod 666 so it must be readable by nobody, I've checked it
> The next Problem which I cant avoid, is that the Clone cant
finish
> the LDAP configuration. The Debug-File shows the following:
>
>
> [20/Oct/2008:19:24:18][http-9443-Processor19]: DatabasePanel
> comparetAndWaitEntries ou=people,dc=linux1.tampam.de-ca-master not
> found, let's wait!
> etc
at the last entries it repeats ever 5 seconds and the WebGUI
> Internal Database stops there waiting
.
>
That seem quite unsual, could you provide more details on the exact
platform used, as well as rpm and directory server used ?
And may be file a bugzilla with the exact steps that were used.
I am using this in a Fedora Core 9 installation and i've also this Problem
in RHEL 5.2 (target platform), with actual updates. The Directory server is
Fedora 1.1.3-2 (Fedora base package), the certificate server is 1.0.0-6
(pki-ca package), pki-common package is 1.0.0-8.
This are the packages:
Certificate Server:
pki-java-tools-1.0.0-1.fc9.noarch
pki-setup-1.0.0-2.fc9.noarch
pki-util-1.0.0-2.fc9.noarch
pki-native-tools-1.0.0-1.fc9.i386
pki-common-ui-1.0.0-2.fc9.noarch
pki-ca-ui-1.0.0-1.fc9.noarch
pki-ca-1.0.0-6.fc9.noarch
pki-common-1.0.0-8.fc9.noarch
Directory Server:
fedora-ds-dsgw-1.1.1-1.fc9.i386
fedora-ds-admin-1.1.6-1.fc9.i386
fedora-ds-admin-console-1.1.2-1.fc9.noarch
fedora-ds-console-1.1.2-2.fc9.noarch
fedora-ds-base-1.1.3-2.fc9.i386
fedora-ds-1.1.2-1.fc9.i386
regards Klaus
5905
days inactive
5906
days old
2 comments
2 participants
participants (2)
-
Klaus Heyden -
Marc Sauton