November 2008 - Pki-users - Dogtag Pki List Archives

by Matthew Harmsen

It has recently been brought to the attention of the Dogtag developers that numerous users in the Dogtag community have encountered problems successfully running the TPS subsystem. On Fedora 8, we believe that we have isolated this issue as being related to normal Fedora 8 updates of the following two packages: NSS 3.11 --> NSS 3.12 MOD_NSS 1.0.7-2 --> MOD_NSS 1.0.7-3 or later Dogtag developers are currently working on a permanent fix for this issue. However, until such time, users wishing to run a TPS subsystem are urged to use the original Fedora 8 GOLD bits available via http://fedoraproject.org/en/get-fedora. After this fresh install it is important not to apply any updates that affect either the nss or mod_nss packages. As we believe a very similar problem exists on Fedora 9, we would urge users wishing to run a TPS subsystem install this component on the aforementioned Fedora 8 platform.

14 years, 4 months

1
0
0 / 0

error -12271 trying to ESC connect to TPS

by Ebbe Hansen

I am not successful connecting the ESC (Smart Card Manager) client to the TPS. I have configured TPS and ESC as documented in ESC Guide. The error message says: "Could not establish an encrypted connection because your certificate was rejected. Error -12271". Looks like the ESC needs a user certificate and key to establish SSL connection. Not sure how the ESC can be configured to access a dedicated user certificate & key? Can ESC detect and possibly use the TPS Admin cert/key if running on same platform? Ehansen @ SPYRUS Corp.

14 years, 4 months

2
7
0 / 0

Cannot get fedora-ds to start

by Zach Casper

My created fedora-ds instance for Dogtag will not start Following all instructions on Dogtag site on Fedora 8 - I successfully had this working about 2 months ago - moved to something else - came back and have encountered this. Receive the following error when trying to start dirsrv "createprlistensockets - PR_Bind() on All Interfaces port 389 failed: Netscape Portable Runtime error -5982 (Local Network address is in use.)" Any advice? -- Zach Casper Envieta LLC 410/290-1136 x105 (Office) 330/618-5618 (Mobile) zach.casper(a)envieta.com ----------------------------------------

14 years, 4 months

2
1
0 / 0

DogTag Setup https problems

by Zach Casper

I'm having issues w/ the default configurations of the pki-ca and other https required services. I continue to receive HTTP Status 500 messages Apache Tomcat/5.5.23 "The server encountered an internal error () that prevented it from fulfilling this request." Any advice would be greatly appreciated. -- Zach Casper Envieta LLC 410/290-1136 x105 (Office) ----------------------------------------

14 years, 4 months

2
1
0 / 0

DogTag Response to CMC Request from SLCS Server ..

by Graham Jenkins

We're using Dogtag pki-ca-1.0.0-1.fc8 as an Online CA to provide certificates in response to requests from a SLCS server. And the log file we're seeing on the SLCS server is saying: -- INFO [TP-Processor7] CertificateServlet.doProcess: CertificateSigningRequest= -----BEGIN CERTIFICATE REQUEST----- MIICTjCCAbcCAQAwgaExFDASBgoJkiaJk/IsZAEZFgRzbGNzMRQwEgYKCZImiZPy .. 9ChQYHcP8EpaseH8XymdH1bw -----END CERTIFICATE REQUEST----- INFO [TP-Processor7] CertificateServlet.doProcess: send certificate request to CA server ERROR [TP-Processor7] CMCConnection.checkResponseHeaders: Invalid Content-Type in HTTP response header: text/html -- So what we're thinking is that perhaps we are sending our request to the wrong URL .. viz: <CAUrl>https://slcscadev.vpac.org:9443/ca/ee/ca/</CAUrl> Does anyone have any ideas about this please? -- Graham Jenkins Australian Research Collaboration Service Victorian Partnership for Advanced Computing (+613) 9925-4862

14 years, 4 months

2
3
0 / 0

Build CMS fom Subversion

by Heyden, Klaus (Allianz ASIC SE)

Hello, i've a problem by buildung the PKI from Subversion source. When building the PK12util i've got the following error: [root@ca4sit-2 util]# ./build_linux Buildfile: config/release.xml [echo] Importing shared properties ... [echo] Completed importing shared properties. main: [echo] Generating 'pki-util' RPMS and SRPMS ... [echo] Established the '/usr/src/release/pki/base/util' top-level directory. [echo] Creating the 'pki-util' source distribution ... [exec] Buildfile: build.xml [exec] distribute_source: [exec] [echo] Creating 'pki-util' source distributions ... [exec] [mkdir] Created dir: /usr/src/release/pki/base/util/dist/source [exec] [echo] Creating 'pki-util' source zip files ... [exec] [zip] Building zip: /usr/src/release/pki/base/util/dist/source/pki-util-1.0.0.zip [exec] [echo] Completed creating 'pki-util' source zip files. [exec] [echo] Creating 'pki-util' source tar files ... [exec] [tar] Building tar: /usr/src/release/pki/base/util/dist/source/pki-util-1.0.0.tar [exec] [echo] Completed creating 'pki-util' source tar files. [exec] [echo] Creating 'pki-util' source gzip files ... [exec] [gzip] Building: /usr/src/release/pki/base/util/dist/source/pki-util-1.0.0.tar.gz [exec] [delete] Deleting: /usr/src/release/pki/base/util/dist/source/pki-util-1.0.0.tar [exec] [echo] Completed creating 'pki-util' source gzip files. [exec] [echo] Completed creating 'pki-util' source distributions. [exec] BUILD SUCCESSFUL [exec] Total time: 1 second [echo] Completed creating the 'pki-util' source distribution. [echo] Creating 'pki-util' RPM directories ... [mkdir] Created dir: /usr/src/release/pki/base/util/dist/rpmpkg [mkdir] Created dir: /usr/src/release/pki/base/util/dist/rpmpkg/SOURCES [mkdir] Created dir: /usr/src/release/pki/base/util/dist/rpmpkg/RPMS [mkdir] Created dir: /usr/src/release/pki/base/util/dist/rpmpkg/SRPMS [mkdir] Created dir: /usr/src/release/pki/base/util/dist/rpmpkg/SPECS [mkdir] Created dir: /usr/src/release/pki/base/util/dist/rpmpkg/BUILD [echo] Completed creating 'pki-util' RPM directories. [echo] Building 'pki-util' RPMS and SRPMS ... [exec] Executing(%prep): /bin/sh -e /var/tmp/rpm-tmp.20981 [exec] + umask 022 [exec] + cd /usr/src/release/pki/base/util/./dist/rpmpkg/BUILD [exec] + cd /usr/src/release/pki/base/util/dist/rpmpkg/BUILD [exec] + rm -rf pki-util-1.0.0 [exec] + /bin/gzip -dc /usr/src/release/pki/base/util/dist/source/pki-util-1.0.0.tar.gz [exec] + tar -xf - [exec] + STATUS=0 [exec] + '[' 0 -ne 0 ']' [exec] + cd pki-util-1.0.0 [exec] ++ /usr/bin/id -u [exec] + '[' 0 = 0 ']' [exec] + /bin/chown -Rhf root . [exec] ++ /usr/bin/id -u [exec] + '[' 0 = 0 ']' [exec] + /bin/chgrp -Rhf root . [exec] + /bin/chmod -Rf a+rX,u+w,g-w,o-w . [exec] + exit 0 [exec] Executing(%build): /bin/sh -e /var/tmp/rpm-tmp.90748 [exec] + umask 022 [exec] + cd /usr/src/release/pki/base/util/./dist/rpmpkg/BUILD [exec] + cd pki-util-1.0.0 [exec] + ant -Dspecfile=pki-util.spec [exec] Buildfile: build.xml [exec] clean: [exec] [echo] Removing 'pki-util' component directories ... [exec] [echo] Completed removing 'pki-util' component directories. [exec] clean_javadocs: [exec] [echo] Removing 'pki-util' javadocs directory ... [exec] [echo] Completed removing 'pki-util' javadocs directory. [exec] compile_java: [exec] [echo] Compiling 'pki-util' java code from 'src' into 'build/classes' ... [exec] [mkdir] Created dir: /usr/src/release/pki/base/util/dist/rpmpkg/BUILD/pki-util-1.0.0/build/classes [exec] [javac] Compiling 179 source files to /usr/src/release/pki/base/util/dist/rpmpkg/BUILD/pki-util-1.0.0/build/classes [exec] [javac] /usr/src/release/pki/base/util/dist/rpmpkg/BUILD/pki-util-1.0.0/src/netscape/security/extensions/AuthInfoAccessExtension.java:239: cannot access com.netscape.osutil.OSUtil [exec] [javac] bad class file: /usr/lib/java/osutil.jar(com/netscape/osutil/OSUtil.class) [exec] [javac] class file has wrong version 50.0, should be 49.0 [exec] [javac] Please remove or make sure it appears in the correct subdirectory of the classpath. [exec] [javac] System.out.println(com.netscape.osutil.OSUtil.BtoA(os.toByteArray())); [exec] [javac] ^ [exec] [javac] Note: * uses or overrides a deprecated API. [exec] [javac] Note: Recompile with -Xlint:deprecation for details. [exec] [javac] Note: Some input files use unchecked or unsafe operations. [exec] [javac] Note: Recompile with -Xlint:unchecked for details. [exec] [javac] 1 error [exec] BUILD FAILED [exec] /usr/src/release/pki/base/util/dist/rpmpkg/BUILD/pki-util-1.0.0/build.xml:66: Compile failed; see the compiler error output for details. [exec] Total time: 1 second [exec] error: Bad exit status from /var/tmp/rpm-tmp.90748 (%build) [exec] RPM build errors: [exec] Bad exit status from /var/tmp/rpm-tmp.90748 (%build) [exec] Result: 1 [echo] Completed building 'pki-util' RPMS and SRPMS. [echo] Removing various 'pki-util' RPM directories and files ... [delete] Deleting directory /usr/src/release/pki/base/util/dist/rpmpkg/BUILD [echo] Completed removing various 'pki-util' RPM directories and files. [echo] Completed generating 'pki-util' RPMS and SRPMS. Reagards Klaus Heyden

14 years, 4 months

1
0
0 / 0

Re: [Pki-users] failed Administrator logon

by Heyden, Klaus (Allianz ASIC SE)

Hi, i have fixed it, it was the certificate issued at the installation. I added a user via pkiconsole and issued a new certificate for User admin, think it is the changed Subject DN which i changed at installation. regards Klaus Heyden

14 years, 4 months

1
0
0 / 0

CA publishing to external Directory

by Adewumi, Julius-p99373

Any idea why CA couldn't publish to external Directory? From the enable publishing console, I put the directory server host and port number, and the credentials. When "saved" it successfully said "CRL is published". But not on the external hostname. Network trace showed ldap bindrequest and searchrequest successfully sent across and unbindrequest was the final packet. The CA console logged the error "sdr PWsdrCache addEntry failed" each time. The failure seemed to be from the CA rather than from the directory server. Any info will help. Julius

14 years, 4 months

2
2
0 / 0

2023

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

Pki-users November 2008