It has recently been brought to the attention of the Dogtag developers
that numerous users in the Dogtag community have encountered problems
successfully running the TPS subsystem. On Fedora 8, we believe that we
have isolated this issue as being related to normal Fedora 8 updates of
the following two packages:
NSS 3.11 --> NSS 3.12
MOD_NSS 1.0.7-2 --> MOD_NSS 1.0.7-3 or later
Dogtag developers are currently working on a permanent fix for this
issue. However, until such time, users wishing to run a TPS subsystem
are urged to use the original Fedora 8 GOLD bits available via
After this fresh install it is important not to apply any updates that
affect either the nss or mod_nss packages.
As we believe a very similar problem exists on Fedora 9, we would urge
users wishing to run a TPS subsystem install this component on the
aforementioned Fedora 8 platform.
I am not successful connecting the ESC (Smart Card Manager) client to
the TPS. I have configured TPS and ESC as documented in ESC Guide.
The error message says: "Could not establish an encrypted connection
because your certificate was rejected. Error -12271".
Looks like the ESC needs a user certificate and key to establish SSL
Not sure how the ESC can be configured to access a dedicated user
certificate & key? Can ESC detect and possibly use the TPS Admin
cert/key if running on same platform?
Ehansen @ SPYRUS Corp.
My created fedora-ds instance for Dogtag will not start
Following all instructions on Dogtag site on Fedora 8 - I successfully had
this working about 2 months ago - moved to something else - came back and
have encountered this.
Receive the following error when trying to start dirsrv
"createprlistensockets - PR_Bind() on All Interfaces port 389 failed:
Netscape Portable Runtime error -5982 (Local Network address is in use.)"
410/290-1136 x105 (Office)
I'm having issues w/ the default configurations of the pki-ca and other
https required services.
I continue to receive HTTP Status 500 messages
"The server encountered an internal error () that prevented it from
fulfilling this request."
Any advice would be greatly appreciated.
410/290-1136 x105 (Office)
We're using Dogtag pki-ca-1.0.0-1.fc8 as an Online CA to provide
certificates in response to requests from a SLCS server.
And the log file we're seeing on the SLCS server is saying:
INFO [TP-Processor7] CertificateServlet.doProcess: CertificateSigningRequest=
-----BEGIN CERTIFICATE REQUEST-----
-----END CERTIFICATE REQUEST-----
INFO [TP-Processor7] CertificateServlet.doProcess: send certificate request to CA server
ERROR [TP-Processor7] CMCConnection.checkResponseHeaders: Invalid Content-Type in HTTP response header: text/html
So what we're thinking is that perhaps we are sending our request to the
wrong URL .. viz:
Does anyone have any ideas about this please?
Australian Research Collaboration Service
Victorian Partnership for Advanced Computing
i have fixed it, it was the certificate issued at the installation. I added a user via pkiconsole and issued a new certificate for User admin, think it is the changed Subject DN which i changed at installation.
Any idea why CA couldn't publish to external Directory? From the enable
publishing console, I put the directory server host and port number,
and the credentials. When "saved" it successfully said "CRL is
published". But not on the external hostname. Network trace showed
ldap bindrequest and searchrequest successfully sent across and
unbindrequest was the final packet. The CA console logged the error
"sdr PWsdrCache addEntry failed" each time. The failure seemed to be
from the CA rather than from the directory server.
Any info will help.